Immich API Connector
ReviewAudited by ClawScan on May 10, 2026.
Overview
This Immich connector is mostly purpose-aligned, but its album download script can write files using unsanitized server-provided names outside the chosen download folder.
Install only if you are comfortable giving the agent access to your Immich API key and photo library. Review destructive or sharing actions before execution, prefer environment variables over command-line API keys, and fix or avoid the album download script until it sanitizes server-provided album and file names.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised Immich server, or crafted album/file metadata, could cause downloads to be written outside the intended folder and potentially overwrite local files.
The script uses album and asset filenames from the Immich API directly in local filesystem paths without stripping path separators, resolving paths, or enforcing that writes stay inside the selected output directory.
album_name = album.get("albumName", "unknown")
output_path = Path(output_dir) / album_name
filename = asset.get("originalFileName", f"{asset_id}.jpg")
file_path = output_path / filenameSanitize album and file names, reject absolute paths and '..' components, resolve the final path, enforce it remains under the chosen output directory, and avoid overwriting existing files without confirmation.
Anyone or any agent process with this key can perform whatever Immich actions the key permits, which may include reading, uploading, downloading, or modifying a private photo library.
The skill requires an Immich API key, including optional command-line use, while the registry metadata declares no primary credential or required environment variables.
export IMMICH_API_KEY="your-api-key-here" ... python scripts/upload_photos.py --url "https://your-immich.com" --api-key "your-key" --folder ./photos
Use a dedicated least-privilege Immich API key if available, avoid passing the key on the command line where it may appear in shell history or process listings, and rotate the key if exposed.
If used without careful confirmation, the agent could delete photos or users, or create sharing links for media.
The endpoint reference exposes destructive and sharing-related Immich operations. This is coherent for an API connector, but these actions can have significant user impact.
DELETE | `/assets/{id}` | Delete asset
...
DELETE | `/users/{id}` | Delete user
...
POST | `/shared-links` | Create shared linkRequire explicit user confirmation before delete, user-management, shared-link, library, and job-trigger actions, and show the exact target IDs/names before proceeding.
Users may try to run a referenced helper that is not actually present, and the reviewed artifact set does not show what that helper would do.
SKILL.md documents a bundled sync_library.py helper, but the provided manifest only includes upload_photos.py and download_album.py under scripts.
- `sync_library.py` - Sync external library
Remove the reference or include the missing script for review, and declare Python/package requirements for the provided scripts.