image-reader

Review

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do the stated image OCR/description task, but it sends image contents to an external model API and uses a local API key.

Before installing, confirm you are comfortable sending analyzed images to the configured Doubao/Volcengine-compatible endpoint and storing an API key in config.yaml. Avoid using it on sensitive screenshots unless necessary, protect the API key, and consider pinning dependencies if you need reproducible installs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Images analyzed with this skill may be visible to the configured model provider, including any private text, faces, account details, or secrets shown in the image.

Why it was flagged

The skill discloses that image contents are sent to an external model endpoint. This is expected for the stated OCR/image-analysis purpose, but screenshots and documents may contain sensitive data.

Skill content

API Endpoint | `https://ark.cn-beijing.volces.com/api/coding/v3` ... Images are sent as base64-encoded data

Recommendation

Use it only with images you are comfortable sending to the configured provider, redact sensitive screenshots where possible, and review the provider's data-handling terms.

What this means

A real API key placed in config.yaml could be used for provider access or billing if the file is shared or exposed.

Why it was flagged

The skill expects a provider API key in local configuration. This is purpose-aligned for calling the multimodal API, but users should treat the config as a credential-bearing file.

Skill content

api_key: "YOUR_API_KEY_HERE"

Recommendation

Use a scoped, revocable API key; do not commit or share config.yaml after adding a real key; rotate the key if it may have been exposed.

What this means

Installing dependencies later could resolve to different package versions than the author tested.

Why it was flagged

The skill relies on external Python packages with lower-bound version ranges rather than pinned versions. This is normal for a small Python API client, but exact installed versions may vary over time.

Skill content

openai>=1.0.0
pyyaml>=6.0

Recommendation

Install from trusted package sources and consider pinning or locking dependency versions in production or sensitive environments.