Li PhotoIndexWithLLM
WarnAudited by ClawScan on May 17, 2026.
Overview
The photo indexing purpose is legitimate, but the artifacts show sensitive photo uploads to remote LLM providers and persistent unencrypted photo metadata storage that users should review carefully.
Install only if you are comfortable with a photo index being created. For private or family photos, use local-only mode, disable remote LLM upload, protect the `.env` and SQLite database files, scan only specific folders, and confirm how to delete or encrypt the generated index.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private photos, faces, locations, documents, or work images could be transmitted to and processed by a third-party LLM provider if remote mode is enabled.
This explicitly documents that full photo contents may be sent to third-party model providers, which is high-impact sensitive data handling for personal photo libraries.
当您使用远程 VL 模型(如 OpenRouter、NVIDIA 等)时:... 完整的照片内容(base64 编码)会传输到远程服务器 ... 第三方可能存储、分析或使用这些照片
Use local-only mode for private photos, disable remote upload unless you explicitly want it, and verify provider privacy terms before configuring remote VL endpoints.
Future searches, agents, or anyone with local file access could reveal sensitive folder names, photo descriptions, people labels, or other private metadata.
The skill creates persistent local memory about photos, including full paths and semantic descriptions, and the artifact says this database is stored in plaintext.
SQLite 数据库明文存储 ... 包含照片路径、描述、标签等敏感信息 ... 数据库存储完整的文件路径
Scan only intended folders, restrict database file permissions, consider encryption/path masking, and provide a clear way to delete or rebuild the index.
A poorly protected `.env` file could expose remote model API keys to other local users, backups, or accidental commits.
The skill may rely on provider API keys stored in a local `.env` file; this is expected for remote LLM use, but it is sensitive credential material.
.env 文件中 API Key 明文存储 ... 文件权限未限制
Keep `.env` out of version control, restrict file permissions, rotate exposed keys, and use environment variables or a secret manager where possible.
A user may trust the local-only claim and scan sensitive photos without first verifying whether remote model upload is disabled.
The artifacts contain strong privacy assurance wording while also documenting a serious remote-upload risk, creating ambiguity about the true default behavior and consent guarantees.
AGENTS.md: “Photos NEVER leave your machine unless explicitly configured”; PRIVACY.md: “严重问题 ... 完整的照片内容 ... 会被发送到第三方服务器”
Clarify the exact defaults in one place, remove absolute privacy claims unless enforced in code, and require explicit per-use confirmation before remote image transmission.