Photo Index With LLM

Review

Audited by ClawScan on May 16, 2026.

Overview

This appears to be a purpose-aligned photo search tool, but it handles private photos, persistent local indexes, optional remote model uploads, and local API-key configuration.

Install only if you are comfortable with the skill indexing the photo folders you choose. Prefer local-only mode for personal photos, protect the .env and SQLite database files, and enable remote model analysis only after confirming exactly which photos and provider will be involved.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Configured LLM API keys could be used by the skill to access local or remote model services and consume account quota.

Why it was flagged

The skill automatically loads a project .env file and has configuration slots for LLM API keys. This is expected for an LLM integration, but users should understand that local credentials may be used.

Skill content

env_file = project_root / ".env"
if env_file.exists():
    self._load_env_file(str(env_file))
...
"REMOTE_LLM_API_KEY": ""

Recommendation

Use limited-scope API keys, protect the .env file with local file permissions, and verify which provider keys are present before scanning photos.

What this means

Photo-derived descriptions, tags, and paths remain on disk and could reveal private information to anyone with access to the database file.

Why it was flagged

The skill persistently stores photo analysis data in an unencrypted local SQLite database, which is central to search but sensitive.

Skill content

database_encrypted: false ... All photo analysis data stays on your machine in local SQLite database.

Recommendation

Scan only intended folders, restrict database file permissions, consider encryption or path redaction for sensitive collections, and delete the database when it is no longer needed.

What this means

If remote models are enabled, private photos may be transmitted to external providers for analysis.

Why it was flagged

The privacy guide clearly discloses that when remote VL models are used, complete image contents are sent to third-party servers.

Skill content

The complete photo content (base64-encoded) is transmitted to the remote server

Recommendation

Keep local-only mode enabled for sensitive photos, allow remote upload only intentionally, and review the remote provider’s data-retention and privacy terms.