Skill v1.0.0
ClawScan security
moondream-vision-zc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 18, 2026, 4:19 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are consistent with its stated purpose (local Ollama + Moondream image understanding) and do not request unrelated credentials or perform unexpected network or file actions.
- Guidance: This skill appears coherent, but review the following before installing:
  - Verify you only run Ollama and the Moondream model from trusted sources (download Ollama from the official site) because local models can read any images you give them.
  - The skill sends base64-encoded images to http://127.0.0.1:11434 — ensure Ollama is bound to localhost and not exposed to the network, otherwise other hosts could access the service and your images.
  - The provided script reads any file path you pass; avoid passing sensitive files or unspecified paths. Use it only with images you intend to analyze.
  - If you install the Python dependency (requests), perform that in a virtualenv if you prefer to avoid modifying the system Python environment.
  - Confirm the Moondream model source and license if you care about provenance or data-handling guarantees. If you want extra assurance, run Ollama in a sandboxed environment and inspect the model artifacts before use.
Review Dimensions
- Purpose & Capability: ok. Name/description claim local image understanding via a Moondream model served by Ollama; the SKILL.md only asks the user to install Ollama, pull the model, and call the local Ollama HTTP API — all proportional to the stated purpose.
- Instruction Scope: ok. Runtime instructions are limited to: starting a local Ollama server, pulling/running a local model, base64-encoding a user-supplied image file, and posting it to http://127.0.0.1:11434. The skill reads image files provided by the user (expected for image-understanding) and writes a local skills registration entry; it does not instruct reading arbitrary unrelated files or sending data to external hosts.
- Install Mechanism: ok. This is an instruction-only skill with no install spec or bundled binaries. It defers to user-installed Ollama and an optional pip dependency (requests), which is appropriate and low-risk for this use case.
- Credentials: ok. No environment variables, credentials, or config paths are requested. The instructions only reference the local Ollama service and a user-supplied image path, which aligns with the stated functionality.
- Persistence & Privilege: ok. The skill does not request always:true or other elevated persistence. It asks the user to add an entry to the user's own ~/.openclaw/config/skills.json (expected for registering a skill) and does not modify other skills or system-wide settings.
