Intelligent Video Search & Retrieval Analysis Skill | 视频搜索检索智能分析技能 — Intelligent 视频 搜索 & Retrieval Analysis 技能 | 视频搜索检索智能分析技能 — 技能工具
v1.0.0Conducts intelligent 视频 搜索 BASEd on tar获取 and semantic descriptions; 支持s conventional tar获取 retrieval, natural language description retrieval,...
0· 53·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
medium confidenceThe skill appears to implement cloud-based video analysis (which matches its description) but contains multiple internal inconsistencies and unexpected local persistence/network behaviors that the developer did not declare.
评估建议
Key points to consider before installing or running this skill:
- Data exfiltration risk: The scripts upload video files (multipart/form-data) to remote AI endpoints (default base URLs in smyx_common point at lifeemergence.com). If your videos contain sensitive personal or confidential content, do NOT run the skill until you confirm the target API and privacy policy.
- Undeclared environment/config requirements: The skill metadata says no env vars or credentials are required, but the code read...详细分析 ▾
ℹ 用途与能力
The stated purpose (video search/analysis) matches the code that calls remote AI-analysis APIs and uploads videos. However the bundle also includes unrelated modules (face_analysis, TCM/health analysis) and a large common library (smyx_common) — more functionality and dependencies than the skill description implies.
⚠ 指令范围
SKILL.md strictly forbids reading local memory files, yet the codebase includes local DB/DAO logic and config file handling. The runtime instructions mandate reading config files for open-id and using python -m scripts.video_search_analysis, which will perform HTTP uploads of video files to external APIs. The strong ‘no local memory’ rule in the doc is therefore inconsistent with the code that can read/write workspace config/data files.
ℹ 安装机制
There is no install spec (instruction-only metadata) but the package contains requirements files and many modules with heavy third‑party dependencies (smyx_common requirements lists dozens of packages). This is disproportionate to a small video-search script and means running it may attempt to import many packages not declared in the skill metadata.
⚠ 凭证需求
Metadata declares no required env vars/credentials, but code reads environment variables (OPENCLAW_WORKSPACE, OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID) and relies on config YAMLs that may contain API keys/base URLs. The SKILL.md enforces obtaining an open-id from local config files or user input, and the API endpoint defaults point to external domains (lifeemergence.com). Secret/credential access is therefore required in practice but not declared.
⚠ 持久化与权限
Skill will write/read local files: it expects/creates config.yaml, may save uploaded attachments under a skill attachments directory, and the common dao code creates/uses a SQLite DB under a workspace data directory. Although always:false, the skill thus gains local persistence and can create files under the OPENCLAW_WORKSPACE-derived data path.
⚠ skills/smyx_common/scripts/config-dev.yaml:2
Install source points to URL shortener or raw IP.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install smyx-video-search-analysis
镜像加速npx clawhub@latest install smyx-video-search-analysis --registry https://cn.longxiaskill.com 镜像可用