Skill v1.0.0
ClawScan security
Reverse Image Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 8, 2026, 1:54 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent for performing reverse image searches (it uses a PyPI library and accepts URLs or local image files), but it will upload any file you point it at to third-party search engines and has minor install/usability quirks you should be aware of.
- Guidance: This skill appears to do what it says, but consider the following before installing and using it:
  - Privacy: When you pass a local file path, the script (via PicImageSearch) will upload that file to external search engines (Yandex/Google/Bing). Do not use it with sensitive images or files you wouldn't want sent to third parties.
  - Dependency trust: The SKILL.md installs PicImageSearch from PyPI. Verify the package's reputation and pin a specific version if you intend to deploy this long-term.
  - Usage caution: The script accepts arbitrary filesystem paths. Ensure the agent or any user invoking the skill cannot be tricked into supplying sensitive paths (system files, private images). Run the skill in a sandbox or restricted environment if possible.
  - Minor usability issue: The SKILL.md's SKILL_DIR assignment may not resolve as intended in all runtimes; verify the venv path and that the venv is created under scripts/.venv as expected.

  If you only need to search images hosted on the web, prefer providing URLs rather than local file paths. If you plan to allow the agent to call this autonomously, restrict what inputs it can supply or require explicit user confirmation before searching local files.
Review Dimensions
- Purpose & Capability (ok): The name/description match the implementation: the SKILL.md and scripts/search.py use the PicImageSearch library to query Yandex, Google, and Bing and return JSON results. Required capabilities (a Python package) are proportional to the stated purpose; no unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (note): The runtime instructions are narrowly focused on creating a venv, installing PicImageSearch, and then running scripts/search.py with a URL or file path. This matches the purpose, but the instructions and script accept arbitrary local filesystem paths, which will be read and uploaded to external search engines. Also, the SKILL.md uses SKILL_DIR="$(dirname "SKILL.md")", which may not correctly resolve the intended skill directory in all environments (minor usability bug).
- Install Mechanism (note): There is no platform-level install spec (lowest-risk), but SKILL.md instructs creating a venv and running pip install PicImageSearch from PyPI. Installing from PyPI is typical but carries the usual supply-chain considerations (verify package reputation, pin versions). No arbitrary download URLs or extracted archives are present.
- Credentials (concern): The skill requests no environment variables or credentials (good). However, the script will read arbitrary local file paths you pass and (via the PicImageSearch library) will upload them to third-party search engines. That behavior is coherent with reverse-image search, but it poses privacy/exfiltration risk if sensitive local files are supplied. The code does not restrict file types or paths.
- Persistence & Privilege (ok): The skill does not request permanent/always-on presence, does not modify other skills' configs, and has no special privileges. Agent autonomous invocation is allowed by default (not a red flag on its own), but keep in mind the local-file upload capability if the agent is given paths to search.
