ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PhotoCHAT Photo Search

v1.0.0

Search for photos in PhotoCHAT using natural language via the CLI. Use when the user asks to find, search for, or locate photos/pictures/images using PhotoCH...

1· 330·0 current·0 all-time
by@photochat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md tells the agent to run the local 'photochat' CLI to perform natural-language photo searches and parse JSON output. There are no unrelated environment variables, external services, or installs requested — the need for a local 'photochat' binary is proportionate to the stated purpose.
Instruction Scope
Instructions are narrowly scoped to running 'photochat search' with JSON output, parsing the results, and presenting file paths. This is appropriate for a local photo-search skill, but it does explicitly expect absolute file paths and instructs passing them to the agent's image/display tool — which means the agent will access the user's photo files. That privacy-relevant behavior is expected for the stated purpose but is worth noting.
Install Mechanism
No install spec or code is provided (instruction-only), so nothing is downloaded or written by the skill itself. This is the lowest-risk install profile and matches the skill's description.
Credentials
The skill requires no environment variables, credentials, or config paths. The only implicit requirement is access to the local 'photochat' binary and filesystem paths for photos; those are proportional to a local photo-search capability and are not excessive.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent/system-wide privileges or attempt to modify other skills. Autonomous invocation is permitted by default for skills and is not combined here with other concerning privileges.
Assessment
This skill is coherent and doesn't request credentials or install code, but it operates on your local photo library: make sure the 'photochat' app (MSIX) is installed and up-to-date, and that you are comfortable granting the agent access to image file paths (the skill will read absolute paths and may display images via the agent's image tool). If you have sensitive photos you do not want an agent to access, do not enable this skill or restrict the agent's file access. If you want stronger assurance, ask the publisher for the skill source/origin or require a signed package of the 'photochat' CLI before enabling.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ejkc9hryr2efydgdqr6724n825fme

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments