Image Detection
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a benign image-analysis guide, but it relies on external npm packages and optional cloud image services that users should review for privacy and provenance.
This skill looks safe as an instruction-only image-detection guide, but review the referenced npm packages before installing them and use the local/privacy-focused stack for sensitive images. If enabling Hive API, reverse image search, or result caching, confirm exactly what image data is sent or stored and how to delete it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the referenced packages would run code from external package sources that was not reviewed in this artifact set.
The skill is instruction-only but directs users to install npm packages whose contents are not included in the provided artifacts.
npm install @raghulpasupathi/image-detection
Install only after checking the package publisher, version, source repository, and npm package contents.
Private or sensitive images may leave the local environment if the cloud-based stack is used.
The skill explicitly supports sending image-analysis work to a cloud API, which can involve transmitting user images or derived data to an external provider.
Hive Moderation API ... Purpose: Cloud-based image analysis ... Installation: API integration via REST
Use the privacy-focused/local configuration for sensitive images, and review the cloud provider's data handling, retention, and authentication requirements before use.
Image-analysis results, metadata, or moderation outcomes could be stored longer than expected depending on the implementation.
A configuration example enables caching of analysis results, but the artifact does not describe retention, location, or cleanup behavior.
"skills": ["hive-api"], "cacheResults": true
Confirm where cached results are stored, how they can be deleted, and whether caching should be disabled for sensitive images.
A user could mistakenly assume all features are local when some optional integrations may contact external services.
Reverse image search commonly involves external services, so listing it under a local/no-external-API purpose could confuse users about when image data stays local.
Purpose: Local image analysis without external APIs ... Reverse image search integration
Clarify whether reverse image search is disabled by localOnly mode and require explicit user approval before any external image lookup.