Vision Sandbox

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.

Install only if you are comfortable sending selected images and prompts to Google Gemini and using a Gemini API key from your environment. For sensitive work, use a constrained API key and a locked Python environment. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Gemini may generate and run Python in Google's sandbox to analyze the uploaded image, and the generated code/output may be printed back to the user.

Why it was flagged

The tool explicitly enables Gemini's native code execution capability. This is central to the stated visual-verification purpose and is described as Google-hosted sandbox execution, not local execution of model-generated code.

Skill content

tools=[types.Tool(code_execution=types.ToolCodeExecution())]

Recommendation

Use this only for intended visual-analysis tasks, and do not treat generated code or model output as inherently trusted without review.

What this means

Any screenshot or image you choose may leave your machine and be processed by Google Gemini.

Why it was flagged

The implementation sends the user prompt and selected image part to the external Gemini API. This is disclosed and purpose-aligned, but it is still an external provider data flow.

Skill content

response = client.models.generate_content(
    model=model_id, contents=[prompt, image_part], config=config
)

Recommendation

Avoid using confidential screenshots or sensitive images unless you are comfortable with Gemini's API data handling for your account.

What this means

The skill can make Gemini API calls billed or governed under the account associated with the configured key.

Why it was flagged

The skill requires a Gemini API key and uses it to create a Gemini client. The artifacts do not show hardcoded keys, logging of the key, or unrelated credential use.

Skill content

api_key = os.getenv("GEMINI_API_KEY")
...
client = genai.Client(api_key=api_key)

Recommendation

Use a Gemini API key with appropriate account limits and rotate it if you suspect it has been exposed.

What this means

Installing later dependency versions could alter the runtime behavior of the skill.

Why it was flagged

The package depends on a version-ranged external library rather than a pinned version. This is normal for many Python projects, but it means future dependency versions could change behavior.

Skill content

dependencies = [
    "google-genai>=1.0.0",
]

Recommendation

Prefer a locked environment or pinned dependency versions for repeatable installs, especially in sensitive workflows.