Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Image Scanner Pro

Scan image folders and use Gemini 2.0 Flash to analyze and categorize photos by photography attributes like composition, lighting, and style.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 75 · 1 current installs · 1 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description claim to analyze local images with Gemini; the code and SKILL.md implement exactly that (scanning folders, sending images to Gemini, categorizing). However, the registry metadata declares no primary credential or required env vars while both SKILL.md and index.js expect a Gemini API key (CLI --api-key or process.env.GEMINI_API_KEY). That mismatch is unexplained.
Instruction Scope
Runtime instructions and code are narrowly scoped to scanning a specified directory, reading image files, and sending their base64 content to the Gemini model for analysis. This is coherent with purpose, but it does transmit full image data (and file paths/sizes) to an external model — a privacy consideration users should be aware of.
Install Mechanism
No external arbitrary downloads; dependencies are standard npm packages (@google/generative-ai, proxy-agent) declared in package.json and resolved via registry mirror in package-lock.json. No extract-from-URL installs or obscure hosts were used.
Credentials
The skill uses an API key (GEMINI_API_KEY) and proxy env vars at runtime but the registry metadata lists none and primary credential is 'none'. Requiring an API key to call Gemini is expected, but failing to declare it in metadata is an incoherence that can lead to surprise credential prompts or misconfiguration. The presence of proxy-agent dependency also implies network configuration ability that isn't declared.
Persistence & Privilege
Skill is not always-enabled, does not request elevated system persistence, and does not modify other skills or global configuration. It runs on-demand and writes only its report file if --output is provided.
What to consider before installing
This skill appears to do what it says (scan local images and send them to Gemini for analysis) but the registry metadata failed to declare the required Gemini API key/env vars. Before installing:

1) Expect that images (full base64 blobs) will be uploaded to an external LLM service — do NOT run it on private or sensitive photos unless you accept that.
2) Provide the API key either with --api-key or set GEMINI_API_KEY; the skill will also respect HTTPS_PROXY / --proxy.
3) Review and run dependencies (npm install) in an isolated environment; verify the @google/generative-ai package version is acceptable.
4) If you need stronger guarantees about data handling or want metadata-only analysis, request/inspect a variant that avoids sending full images.

If you need the metadata declared in the registry (so automated installers can surface required secrets), ask the publisher to add GEMINI_API_KEY to requires.env.

Current version: v1.0.0
latest: vk977jrw6a797csh3kd1eshfxjd8363br

SKILL.md

image-scanner-pro

Description

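Scans an image folder and calls a vision LLM (Gemini 2.0 Flash) to analyze each photo's photographic attributes in depth: shot scale, subject, scene, lighting, mood, tonality, products, objects, and set dressing.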

Triggers

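  • Analyze photographic works
  • Identify image content
  • Scan and categorize images
  • Batch-analyze photo styles
  • Organize a portfolio
  • Identify image colors and style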

Capabilities

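  • Scans all image files in a directory
  • Calls a vision model to analyze each image
  • Identifies professional photography attributes (shot scale, subject, lighting, tonality, etc.)
  • Automatically categorizes by what was photographed
  • Generates a detailed analysis report
  • Supports batch processing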

Requirements

  • Requires a configured vision model API (Gemini 2.0 Flash)
  • Install dependencies: npm install @google/generative-ai

Usage

node skills/image-scanner-pro/index.js --path <directory path> --api-key <Gemini Key> --output report.json
