Multimedia Manager

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent local media gallery, but its web server can run without authentication and exposes file-serving and deletion APIs, so users should review it before installing.

Install only if you are comfortable running a local web gallery and storing a searchable media database on your machine. Run setup so a token is generated, do not bind the server to public interfaces unless you have reviewed and hardened authentication, and review the cleanup script before using it.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If the gallery is started without the generated token, anyone who can reach the server could use its APIs without logging in; if the host is changed from localhost, this could affect remote users too.

Why it was flagged

The server disables authentication entirely when the token is missing, while still exposing state-changing endpoints such as image deletion.

Skill content

AUTH_TOKEN = os.environ.get("IMAGE_VAULT_TOKEN", "") ... if not AUTH_TOKEN: return ... @app.route("/api/images/<int:image_id>", methods=["DELETE"])

Recommendation

Require a non-empty token before starting the server, fail closed if it is missing, and clearly warn users not to bind the server to non-local interfaces without strong authentication.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A boundary mistake in this endpoint could expose local files outside the intended media vault, especially if authentication is missing or the server is made reachable beyond localhost.

Why it was flagged

The file-serving endpoint accepts a client-supplied path and uses a simple string prefix check for containment, which is weaker than a real path-boundary check.

Skill content

path = request.args.get("path", "") ... allowed_bases = [os.path.abspath(VAULT_DIR), os.path.abspath(_DATA_DIR)] ... if not any(abs_path.startswith(b) for b in allowed_bases): abort(403) ... return send_file(abs_path)

Recommendation

Serve files by database ID rather than arbitrary paths, use pathlib/os.path commonpath containment checks, and keep the endpoint behind mandatory authentication.

ASI09: Human-Agent Trust Exploitation
Low
What this means

Users may believe the gallery is always protected when it can actually run open if setup was skipped or the token is absent.

Why it was flagged

The documentation presents token protection as required, but the reviewed server code allows all requests when the token is empty.

Skill content

| **Local HTTP server** | Web gallery UI on `127.0.0.1` | Localhost only, token-protected | ... `IMAGE_VAULT_TOKEN` | **Yes** | Authentication token for the web gallery.

Recommendation

Update the code and documentation so they match: either enforce the token as required or prominently document the unauthenticated mode and its risks.

ASI02: Tool Misuse and Exploitation
Low
What this means

If a user runs the cleanup script based on the documentation, it may delete inbound files sooner than expected.

Why it was flagged

The cleanup script can delete files from a chosen directory and defaults to 24 hours, while SKILL.md describes a `--days` flag with a 7-day default.

Skill content

MAX_AGE_HOURS = 24 ... p.add_argument("--dir", default=default_inbound ... p.add_argument("--hours", type=int, default=MAX_AGE_HOURS ... p.unlink()

Recommendation

Fix the documentation or script defaults, keep dry-run guidance prominent, and restrict cleanup to the vault inbound folder unless the user explicitly confirms another path.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Install behavior depends on whatever package versions PyPI resolves at setup time.

Why it was flagged

The setup script installs packages from PyPI without exact version pins or hashes. This is disclosed and purpose-aligned, but it leaves dependency provenance to the current package index state.

Skill content

pip3 install -q Flask Pillow PyYAML 2>/dev/null || pip install -q Flask Pillow PyYAML

Recommendation

Pin dependency versions, consider hashes or a lockfile, and keep the manual install option documented.

ASI03: Identity and Privilege Abuse
Low
What this means

Users need to manage a local gallery token that may not be visible from the registry’s credential summary.

Why it was flagged

The skill uses a local authentication token even though the registry metadata lists no primary credential or environment variable declarations.

Skill content

`IMAGE_VAULT_TOKEN` | **Yes** | Authentication token for the web gallery. Auto-generated by `setup.sh`.

Recommendation

Declare the local auth token in registry metadata and avoid running the server if the token is missing.

ASI06: Memory and Context Poisoning
Low
What this means

The vault database may contain sensitive information about private photos, filenames, locations, and people, even though images themselves are not stored in the database.

Why it was flagged

The local database persists searchable metadata including original paths, face-name fields, and GPS coordinates when available.

Skill content

original_path TEXT ... face_names TEXT DEFAULT '[]' ... ALTER TABLE images ADD COLUMN latitude REAL; ALTER TABLE images ADD COLUMN longitude REAL; ... CREATE VIRTUAL TABLE IF NOT EXISTS images_fts

Recommendation

Keep the vault directory private, document location metadata storage clearly, and provide a way to purge or disable sensitive metadata extraction if desired.