Skill v1.0.0
ClawScan security
claw2immich · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 19, 2026, 8:57 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions are coherent with its stated purpose (interacting with an Immich photo library via a claw2immich MCP server); it requests no unrelated credentials and has no install step, but you should be cautious about how the Immich server is configured (shared links can expose photos).
- Guidance: This skill appears to do what it claims: it teaches an OpenClaw agent to call a claw2immich MCP server to search and fetch photos. Before installing or using it, check the following:
  1. Ensure your Immich / claw2immich server is private and properly secured. The skill documents generating shared links that may be usable without authentication, which can leak photos if the server is publicly reachable.
  2. Replace the example hostnames (e.g., http://joesnuc:2283) with your actual server URL; the examples ship placeholder defaults.
  3. The example scripts use jq and curl; install those if you plan to run them locally.
  4. If you are concerned about privacy, review the claw2immich server configuration (IMMICH_DOWNLOAD_ASSET_DELIVERY and IMMICH_EXTERNAL_DOMAIN) and the claw2immich codebase before enabling automated agents to generate or share links.
  5. Because this is instruction-only (no install step), the primary risk is accidental exposure of photos via sharing, not installation of unwanted binaries. For extra assurance, inspect the claw2immich repo and restrict network access to the MCP/Immich hosts.
Review Dimensions
- Purpose & Capability (ok): Name/description match the provided files and SKILL.md. The skill is instruction-only and expects an Immich instance and a claw2immich MCP server (documented in SKILL.md and skill.json). The examples and tool names all pertain to Immich. Minor note: the example scripts ship a default example server URL (http://joesnuc:2283), a local/personal host placeholder that users should replace; this is documentation noise, not a functional mismatch.
- Instruction Scope (note): SKILL.md and the example scripts instruct the agent to call mcporter tools (search, view, download) and to decode/save base64 thumbnails or use curl to fetch originals. These instructions stay within the skill's photo-management scope. Important operational detail: the skill documents/uses shared-link delivery (short-lived, no auth required by default) and suggests sending those links to users. This can expose private photos if the Immich/claw2immich server is misconfigured or publicly reachable. The skill itself does not access unrelated host files or secrets.
- Install Mechanism (ok): No install spec is included (instruction-only), so nothing is downloaded or written by the skill itself. The example scripts reference jq and curl, which are reasonable and documented as optional requirements. This is low risk from an installation perspective.
- Credentials (note): The skill requests no environment variables or credentials. skill.json lists mcporter/mcp server and jq as requirements, which is proportional. However, SKILL.md references server-side configuration variables (IMMICH_EXTERNAL_DOMAIN, IMMICH_DOWNLOAD_ASSET_DELIVERY) that control URL exposure and delivery mode. These are not requested as secrets by the skill, but they materially affect privacy and whether assets can be downloaded without auth. Users should verify those server settings before use.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills, and has no install-time hooks. It is user-invocable and can be invoked autonomously by agents per platform defaults; that is expected and not excessive for this skill.
