Skill v1.0.0
ClawScan security
Organise photos · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 10, 2026, 3:28 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions mostly match an on‑device photo organizer, but there are gaps and risky behaviors (runtime pip installs, file deletion/moves, and an unclear “AI vision” step with no declared credentials or destination) that make the package incoherent and worth caution.
- Guidance: Before installing or running this skill:
  1. Back up the photo folder; the skill can move or delete files.
  2. Verify how the “AI vision” step is implemented: does it run locally or send images to an external API? If it sends data externally, ask for the endpoint and what credentials are required.
  3. Be aware the included Python scripts will run pip install at runtime (network download and package installation into the environment); run in a sandbox or virtualenv if you are concerned.
  4. Because the skill has unknown source/owner and no homepage, prefer to manually review the full SKILL.md and any scripts before use.
  5. If you want to proceed, test on a small folder first and keep manual approval required for deletions.
Review Dimensions
- Purpose & Capability
  - note: The name/description align with the steps in SKILL.md (scan folder, move non-photo files, detect bad exposure, blur, burst, and sort). However, the description promises “AI vision analysis” but the skill metadata declares no API keys or credentials and no code files that implement a remote vision API; it's unclear whether vision analysis is local (open-source libs) or sends images to an external service. That missing detail is an unexplained gap.
- Instruction Scope
  - concern: The instructions run shell commands and Python scripts that will move and delete files (though deletion is gated by user confirmation). The Python code dynamically installs packages via pip at runtime, reads EXIF metadata, and iterates files in the provided folder. There is no step that exfiltrates data visible in SKILL.md, but the vague “analyze content with AI vision” step could imply network calls not described. The skill therefore performs destructive file operations and network installs; both are legitimate for this purpose but worthy of caution and explicit user consent.
- Install Mechanism
  - note: No declared install spec (instruction-only), which is low friction. However, the embedded Python scripts call os.system('pip install ...') to fetch dependencies at runtime (Pillow, numpy, opencv-python-headless, imagehash). Dynamic pip installs are moderate risk: they download and install third‑party packages into the runtime environment and require network access.
- Credentials
  - note: The skill requests no environment variables, credentials, or config paths, which is proportionate for a local organizer. But the SKILL.md's reference to AI vision is not backed by declared credentials or an explicit local implementation; if the vision step requires an external API (cloud vision, paid model), the missing credential requirements are an inconsistency. Also, runtime pip installs will use network access; this is not signaled in metadata.
- Persistence & Privilege
  - ok: always=false and there is no indication the skill modifies other skills or system-wide config. Its runtime effects are limited to the target folder and temporary package installation; no elevated persistent privileges are requested.
