xiaoyue-companion

该技能的核心能力与“视频抽帧+视觉分析”目的基本一致，PyPI 依赖也属常规，整体不像伪装型恶意技能。但文档中出现明文 Coze API Key 是严重异常，同时允许将视觉请求和密钥发往任意自定义 API_BASE，导致图片与凭据存在被第三方接收的风险。综合判断为 SUSPICIOUS：不是确认恶意，但存在明显凭据暴露和数据流完整性问题。

该技能的高层目标与所述多媒体能力基本一致，未见直接恶意指令、凭证窃取端点或预执行攻击。主要风险来自核心脚本与外部模型/服务未提供、API 凭证用途不透明，以及对另一技能的转移信任依赖，因此更适合判定为可疑但非恶意。

The codebase functions as a feature-rich chat assistant server with multiple integrations (Feishu, ZHIPU/StarClaw, OpenClaw, TTS, and local agent personas). There is no explicit malicious payload or backdoor detected. Primary security concerns center on: (1) loading local soul prompts from a fixed Windows path which could lead to prompt injection if the content is compromised; (2) permissive file uploads for voice cloning without validation; (3) SSRF risk via /api/tts/audio fetch of arbitrary URLs; (4) per-request API key override with potential credential leakage through logs; (5) exposure of internal configuration through health/status endpoints. Mitigations should include: restricting and validating local soul sources, strict file upload validation and storage handling, URL allowlisting for TTS proxy, redacting sensitive data from logs, and authentication/authorization on sensitive endpoints. Overall security risk remains moderate to high until mitigations are implemented.

SUSPICIOUS: overall purpose and capabilities are mostly coherent for a video-creation skill, and the install path is ordinary PyPI-based tooling. The main concern is data-flow integrity: Coze appears plausible, but the claimed Suno API lacks clear official public API provenance, so prompts and API keys may be routed through a third-party intermediary. This is not confirmed malware, but it presents medium risk due to external credential forwarding and unclear endpoint trust.

该技能目的与能力总体一致，但它把任意网页采集、内容处理、真实浏览器自动化和多平台公开发布整合到一个高权限工作流中，风险主要来自现实世界自动发布、外部内容进入发布链路，以及较宽的转移信任边界。未见明确恶意或异常外传端点证据，因此更接近高风险可疑/脆弱技能，而非确认恶意。

This is an integration/configuration guide and example code that enables a chat frontend to forward task requests to an OpenClaw agent which executes actions on the host. The code itself does not contain obfuscated or directly malicious payloads, but it enables remote execution capabilities and recommends exposing services publicly and storing/transmitting tokens in plaintext. Without additional access controls, input validation, and command whitelisting this creates a significant attack surface: an attacker who obtains the OPENCLAW_TOKEN or gains access to the exposed endpoint can execute arbitrary actions on the host. Treat this as a legitimate-but-high-risk integration requiring strict hardening before use.

SUSPICIOUS: the skill’s main capabilities broadly fit its stated pet-video creation purpose, but it combines external media ingestion, credentialed API use, and a credential-handling helper package whose official provenance to Coze is not clearly verifiable. This is not confirmed malware, but it carries moderate security risk from supply-chain trust and credential forwarding.

该 skill 的总体用途与聊天/图片/飞书集成功能大体一致，但安装来源未指明仓库归属，导致核心代码供应链不可验证，这是主要风险。凭据需求与 stated purpose 基本匹配，未见明显窃密指令或恶意隐藏行为；不过其会把用户上下文发送到外部模型，并可主动向飞书外发内容，存在中高安全风险。综合判断为 SUSPICIOUS，而非确认恶意。