Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ollama-vision

v1.0.0

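Locally invokes the Ollama qwen3-vl:4b model to automatically compress and analyze images, supporting description, OCR text extraction, and custom information extraction.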

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code's intent: use a local Ollama qwen3-vl:4b model to compress and analyze images (describe/ocr/extract). The code uses the Ollama CLI and local API as expected and attempts to auto-pull the model if missing. No unrelated cloud credentials or external endpoints are requested.
Instruction Scope
SKILL.md and examples refer to an analyze_image(...) function, but the implementation provides analyze_image_api(...) (no analyze_image symbol). test_skill.py tries to import analyze_image from analyze_image.py which will fail. SKILL.md mentions Pillow but does not mention the requests library used to call the local API. test_skill.py searches %USERPROFILE%\.openclaw\media\inbound for images (a platform-specific path) that the SKILL.md did not declare as required. These mismatches grant the agent ambiguous runtime behavior and require developer/user intervention.
Install Mechanism
No install spec / no remote downloads in included files. The code calls 'ollama pull' to fetch models (expected behavior) but the skill bundle itself does not automatically fetch arbitrary code from external hosts.
Credentials
The skill requests no environment variables or secrets. It interacts with local resources (Ollama CLI, local API, temp files, and optionally a local OpenClaw inbound folder). Those accesses are proportionate to a local image-analysis skill.
Persistence & Privilege
The skill is not always-enabled and does not request special platform-wide privileges. It does invoke local commands and writes temporary files (compressed images) to the system temp directory, which it tries to clean up.
What to consider before installing
This skill is largely coherent with a local Ollama-based image-analyzer, but there are concrete implementation problems you should address before use:
- Fix function name mismatch: SKILL.md and test_skill.py expect analyze_image(), but the module exposes analyze_image_api(). Either add a wrapper named analyze_image or update callers.
- Ensure required Python packages are installed: SKILL.md mentions Pillow but not requests (used to call http://localhost:11434). Install both (pip install Pillow requests) before running.
- Be aware model download will pull ~2–3GB via 'ollama pull qwen3-vl:4b' and requires sufficient disk and GPU/VRAM resources.
- test_skill.py looks in %USERPROFILE%\.openclaw\media\inbound for test images; this is platform-specific and not documented in SKILL.md; either provide a test image path or adjust the test script.
- The code posts base64-encoded images only to localhost (http://localhost:11434). That is local-only in the provided code, but review network calls before running in sensitive environments.
If you are not comfortable editing the code, run this in an isolated machine or VM, verify Ollama is installed and the model is present, and inspect/modify the small mismatches above before allowing the agent to use the skill autonomously.

Like a lobster shell, security has layers — review code before you run it.
