Stranger Recognition Skill | 陌生人识别技能

Identifies strangers appearing in surveillance areas through facial comparison; supports video stream and image detection, suitable for stranger warnings in...

Key points to consider before installing or running this skill: - Data exfiltration risk: The skill uploads images/videos to remote APIs (RequestUtil.http_post). Confirm the actual API endpoints (skills/smyx_common/scripts/config.yaml and ApiEnum base URLs) and the operator/owner of those endpoints before sending sensitive media or people-identifying data. - Undeclared config/env access: Although the skill declares no required credentials, it reads environment variables and looks up API keys in skills/smyx_common/scripts/config.yaml (first in the skill, then workspace). Review that file and any workspace-level config to ensure no sensitive credentials would be used or leaked. - Contradictory instructions: SKILL.md forbids reading local memory, yet the code will read/write config.yaml files and read environment variables. Expect these behaviors despite the prohibition in the docs. - File I/O behavior: The skill will read local media files you point it at (expected) and will save attachments into an attachments directory. It may also create config.yaml files if missing. If you are running in a shared environment, be cautious about which directories it can access. - Privacy & legal: Facial recognition involves personal data. Ensure you have lawful basis to process faces and that storage/retention settings meet privacy/regulatory requirements. - Verify implementation details before use: Inspect skills/smyx_common/scripts/util.py (RequestUtil) to see where HTTP posts go and how authentication is handled. Confirm MAX_FILE_SIZE and supported formats — SKILL.md claims 100MB but code/config default is 10MB (inconsistency). - Operational suggestion: Run the skill in a controlled environment (isolated workspace or sandbox) first, review network destinations, and avoid using real-world surveillance footage or real personal identifiers until you confirm endpoints and retention policies.

Type: OpenClaw Skill Name: smyx-stranger-recognition-analysis Version: 1.0.0 The skill bundle implements a complex identity and token management system that automatically registers users (using phone numbers or Open-IDs) to a remote backend (lifeemergence.com) and stores access tokens in a local SQLite database (smyx-common-claw.db). A significant security concern is found in 'skills/smyx_common/scripts/skill.py', which contains logic to execute the 'openclaw' CLI tool via subprocess.run, providing a mechanism for the script to trigger arbitrary agent actions. Furthermore, 'SKILL.md' includes 'Mandatory Memory Rules' that override standard AI behavior to strictly prohibit the use of local memory or LanceDB, forcing the agent to rely exclusively on the external API for historical data, which could be used to bypass local session logs or safety constraints.