Claw Vision
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent for user-requested image analysis, but it relies on an unreviewed local helper script and may send selected images to an external Gemini/NUWA vision API.
This appears safe to use for its stated purpose if you trust the local vision-tool.py helper and are comfortable sending the selected image to the disclosed external vision API. Avoid using it on sensitive receipts, documents, or screenshots unless that data sharing is acceptable.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When analyzing an image, the skill may run whatever vision-tool.py exists at that local path.
The core operation depends on a local helper script outside the provided one-file skill package, so this review cannot verify that helper's code or provenance.
python3 ~/Documents/OpenClaw/workspace/scripts/vision-tool.py <absolute image path> "<prompt>"
Before use, inspect or install the helper script from a trusted source and confirm it only processes the selected image as expected.
Images you ask it to analyze may be sent to the stated Gemini/NUWA service for processing.
The workflow uses a helper to call an external vision provider with local image content; screenshots, receipts, and documents can contain sensitive information.
Local image path → structured text understanding. Calls Gemini 3.1 Pro Preview (NUWA Flux) via vision-tool.py.
Use it only with images you are comfortable sending to that provider, and redact sensitive details when appropriate.
