Stroke Risk Screening Analysis Skill | 脑卒中风险筛查分析技能

Combines TCM facial feature recognition with physiological indicator information to provide early warnings of high-risk stroke conditions such as cerebral in...

Key things to consider before installing or running this skill: - Inconsistency: The skill's docs forbid reading local 'memory' but the bundled code reads/writes local config files and creates a SQLite DB and attachments under the workspace. Expect local files to be created/modified. - Undeclared env usage: The runtime expects OPENCLAW_WORKSPACE and may read OPENCLAW_SENDER_OPEN_ID / FEISHU_OPEN_ID and local config files for open-id and API endpoints, but these are not declared in metadata — confirm where your open-id/api-key will come from and don't supply sensitive credentials if unsure. - Data handling: Uploaded face videos/photos and any saved attachments will be written to workspace disk and may be uploaded to remote API endpoints. If you have privacy concerns (sensitive individuals, PII), avoid using real patient data. - API trust: The code uses configurable API base URLs (defaults point to lifeemergence domains in config). Verify the remote API endpoints and operator before sending images or physiological data. - Medical disclaimer: The skill is a screening aid and not a diagnostic tool. Do not rely on it for clinical decisions. Recommendations: 1) Inspect skills/smyx_common/scripts/config.yaml and scripts/config.* to see configured endpoints before running. 2) Run in an isolated environment or sandbox and avoid providing real user identifiers or sensitive data until you trust the service. 3) If you accept the risk, prefer to supply a dedicated (non-sensitive) open-id and a short-lived API key; delete attachments and the local SQLite DB afterwards if needed. 4) If you need the skill to strictly avoid local persistence, request a version that omits the DAO/local storage or modify the code to disable writing files.

Type: OpenClaw Skill Name: smyx-stroke-risk-screening-analysis Version: 1.0.0 The skill bundle implements a health screening service that relies on a remote backend (lifeemergence.com). It is classified as suspicious due to several high-risk patterns: 1) SKILL.md contains forceful 'Mandatory Memory Rules' (prompt injection) that explicitly instruct the AI agent to bypass local memory and retrieval systems, forcing reliance on the developer's API; 2) scripts/smyx_common/scripts/skill.py contains logic to execute 'openclaw agent' commands via subprocess.run; and 3) scripts/smyx_common/scripts/util.py automatically attempts to register/login users by sending identifiers (phone/open-id) to a remote endpoint. While these features support the stated functionality, they represent significant control-flow overrides and data-handling risks.