ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Photo Guide

v0.1.0

摄影指导技能 - 当用户上传照片并询问如何拍出类似效果、拍摄参数、后期调色等摄影相关问题时使用此技能。分析照片的视觉特征,推断拍摄参数,提供后期调色指导、照片优化建议和学习关键词。

0· 50·0 current·0 all-time
by@dcison
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, included references, and the single helper script (scripts/extract_exif.py) align with a photography guidance skill. Required artifacts (Pillow via requirements.txt and an EXIF extraction script) are reasonable and proportional to the stated functionality.
Instruction Scope
SKILL.md limits operations to: check/install Pillow, run the local extract_exif.py on a user-provided image, and produce a structured report using internal reference docs. This stays within scope, but the instructions explicitly instruct pip install -r requirements.txt (which will contact PyPI) and to run Python on user-supplied files — both of which are normal for this skill but worth noting (installation will modify the agent environment and images may contain sensitive EXIF/GPS metadata).
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md instructs using pip install -r requirements.txt. The requirements list a single well-known package (Pillow) from PyPI — a standard, traceable source. Risk is moderate only because pip will download and install packages into the execution environment.
Credentials
The skill requests no environment variables or credentials (proportional). One privacy-related point: the EXIF extractor will surface GPS/location fields if present, which could leak sensitive location metadata from photos; the SKILL.md notes local processing, but users should be aware of EXIF contents before uploading.
Persistence & Privilege
The skill is not always-enabled, does not request elevated privileges, does not modify other skills, and contains no install-time hooks that persistently alter agent configuration. It runs only when triggered and per the included instructions.
Assessment
This skill is coherent for photo analysis: it includes a small EXIF extractor and local reference material and does not ask for unrelated credentials. Before installing or running it, consider: (1) Install dependencies in an isolated environment (virtualenv/container) because pip install will download packages from PyPI and modify your environment. (2) Photos often contain EXIF/GPS data — strip or review EXIF if you don't want to share location. (3) The extract_exif.py is short and readable; you can inspect it (it only reads EXIF tags) or run it locally on sample images to confirm behavior. (4) If you prefer zero network activity, pre-install Pillow offline or avoid executing the pip install step. Overall the skill appears benign and aligned with its described purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a9rgz3j3v8t0zj9fj9ver0184nqy1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📷 Clawdis

Comments