Stock Images

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Image providers may see the search terms and requested sizes used to generate stock-photo URLs.

Why it was flagged

The skill discloses that third-party image services receive requested dimensions and optional search terms. This is purpose-aligned for retrieving image URLs, but the terms may reveal project context.

Skill content

**Data that leaves your machine:**
- HTTP requests with dimensions and optional search terms

Recommendation

Use generic search terms for sensitive projects and review each provider's terms or privacy practices if the image request is confidential.

What this means

Saved preferences could persist across sessions and influence future stock-image recommendations.

Why it was flagged

The skill includes an optional local memory file for saved image preferences. The artifact clearly makes this user-directed, but it is still persistent context that can affect future choices.

Skill content

Create `~/stock-images/memory.md` if user wants to save preferences ... Only create memory.md if they ask for saved preferences or consistent style guidance.

Recommendation

Only create the memory file if you want persistent preferences, avoid storing sensitive project details, and delete or edit the file if preferences change.

What this means

If you choose to use provider APIs, the API key may authorize requests against your provider account or quota.

Why it was flagged

The provider reference documents optional API-key workflows for stock-photo APIs. This is expected for those services and no storage or leakage is shown, but keys grant account/quota access.

Skill content

Pexels ... **API (requires free key):** ... curl -H "Authorization: YOUR_API_KEY"

Recommendation

Use provider keys only when needed, avoid pasting real keys into shared chats or files, and revoke any key that may have been exposed.