Image Metadata Cleaner

Pass. Audited by VirusTotal on May 3, 2026.

Overview

Type: OpenClaw Skill
Name: image-metadata-cleaner
Version: 1.0.2

The image-metadata-cleaner skill is a legitimate utility designed to remove privacy-sensitive metadata from images by re-encoding them using the Pillow library. The core script, scripts/strip.py, implements safety features such as refusing to overwrite input files and performing a post-process verification scan for residual metadata and provenance markers (e.g., C2PA, EXIF). The instructions in SKILL.md and README.md are well-aligned with the code's stated purpose, and there is no evidence of data exfiltration, malicious execution, or harmful prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can create many cleaned image copies and, if invoked with overwrite, may replace existing output files.

Why it was flagged

The skill performs local file writes and exposes an overwrite option. This is expected for creating sanitized image copies, and the artifacts state that originals are not modified, but users should still control output paths and overwrite use.

Skill content
- Writes copies instead of modifying originals in place ... `--overwrite` — Overwrite existing output (only after user confirmation)

Recommendation

Use dry-run and the default output directory first; only allow --overwrite after explicit user confirmation.

What this means

First use may install or resolve code from a package registry in the user's Python environment.

Why it was flagged

The documented setup may fetch Pillow dynamically with only a lower-bound version. This is purpose-aligned for an image-processing tool, but it is not a locked dependency install.

Skill content
uv run --with "pillow>=10.0" scripts/strip.py "<path>" --manifest ... pip install "pillow>=10.0" && python scripts/strip.py "<path>" --manifest

Recommendation

Run it in a virtual environment and use a trusted package source or pinned/locked dependency version if supply-chain reproducibility matters.

What this means

There is a small review-coverage gap for the final part of the script.

Why it was flagged

The supplied review artifact for the runnable script is truncated before the end of the file, so this evaluation cannot independently inspect the final CLI/main-control logic from the provided text. The visible code is purpose-aligned and the static scan reported no suspicious findings.

Skill content
"truncated": true

Recommendation

Inspect the complete script from the installed package or repository before use, especially before running batch or overwrite operations.