v1.0.6

Multimedia Manager

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:26 AM.

Analysis

The skill mostly matches a local media manager, but its web gallery can run without authentication and its file-serving and cleanup behavior are less safely bounded than described.

Guidance: Before installing, make sure IMAGE_VAULT_TOKEN is set and keep the server bound to 127.0.0.1 unless you fully understand the exposure. Review the file-serving and cleanup behavior, use dry-run for cleanup, and consider running setup in a virtual environment with pinned dependencies.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
scripts/web_server.py
path = request.args.get("path", "")
...
if not any(abs_path.startswith(b) for b in allowed_bases):
    abort(403)
return send_file(abs_path)

The file API accepts a raw path parameter and checks access with a string prefix test, which can allow similarly prefixed paths outside the intended vault directory.

User impact: A reachable gallery could serve files outside the intended media vault if their paths pass the weak prefix check.
Recommendation: Serve files by database ID or use a safe path-join/common-path check that enforces directory boundaries exactly.

Human-Agent Trust Exploitation
Severity: Medium, Confidence: High, Status: Concern
scripts/cleanup_inbound.py
MAX_AGE_HOURS = 24
...
p.add_argument("--hours", type=int, default=MAX_AGE_HOURS, help="Max age in hours (default 24)")
...
p.unlink()

The cleanup script deletes files older than 24 hours, while SKILL.md describes a '--days' flag with a 7-day default; this is a material mismatch for a deletion operation.

User impact: Inbound media files could be deleted sooner than a user expects from the documentation.
Recommendation: Align the documentation and code, make deletion defaults conservative, and encourage dry-run review before deleting files.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
setup.sh
pip3 install -q Flask Pillow PyYAML 2>/dev/null || pip install -q Flask Pillow PyYAML

The setup script installs dependencies from PyPI without pinned versions or hashes; this is disclosed and central to setup, but still a supply-chain consideration.

User impact: The installed package versions may vary over time and depend on PyPI availability and integrity.
Recommendation: Run setup in a virtual environment and prefer pinned dependency versions or a reviewed lockfile.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
scripts/web_server.py
AUTH_TOKEN = os.environ.get("IMAGE_VAULT_TOKEN", "")
...
if not AUTH_TOKEN:
    return

If IMAGE_VAULT_TOKEN is missing, the authentication check returns without enforcing login, even though the skill describes the gallery as token-protected.

User impact: If the token is not set, anyone who can reach the local server could browse the gallery and use API actions without authenticating.
Recommendation: Require IMAGE_VAULT_TOKEN at startup, declare it as a required environment variable in metadata, and fail closed instead of allowing unauthenticated access.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
scripts/image_import.py
gps = None if is_vid else extract_gps_from_exif(filepath)
...
kwargs["latitude"] = lat
kwargs["longitude"] = lng

The importer persists media metadata including EXIF GPS coordinates when present; this is purpose-aligned for a media library but sensitive.

User impact: Your local vault database may contain private location, path, tag, and media metadata.
Recommendation: Import only media you intend to index, protect the vault and token, and remove or avoid GPS metadata if you do not want it stored.