Image Duplication Detector
v1.0.0Detect image duplication and tampering in manuscript figures using computer vision algorithms
⭐ 0· 64·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description align with the included Python implementation: perceptual hashing, ORB/SIFT feature matching, ELA and copy-move detection. The requested operations (reading PDFs/images, writing reports, using CV libraries) are consistent with the stated purpose.
Instruction Scope
SKILL.md instructs only local processing of supplied PDFs/images and saving a report/visualizations. There are no instructions to read unrelated system files, access environment secrets, or call external endpoints. The code creates temporary files and writes outputs to workspace as expected.
Install Mechanism
No install spec is provided (lower risk), but requirements.txt contains inconsistent/invalid package names (e.g., 'cv2' and 'pil' instead of 'opencv-python' and 'Pillow') and the code uses SIFT (usually in opencv-contrib). This can lead to installation surprises; dependencies should be pinned and corrected.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code only needs filesystem access to input/output/temp directories, which is proportionate to its functionality.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills/system-wide settings. It runs locally when invoked and does not enable autonomous always-on behavior.
Assessment
This skill appears to implement what it claims, but take these precautions before installing or running it:
- Dependency hygiene: requirements.txt uses nonstandard names ('cv2', 'pil') and may be missing opencv-contrib (SIFT). Fix and pin package names (opencv-python, opencv-contrib-python, Pillow, proper versions) before pip install -r requirements.txt.
- Run in an isolated environment (virtualenv, container) to avoid affecting your system Python and to contain file I/O.
- Test on non-sensitive sample data first. The tool reads input files and writes temporary files and reports; ensure your input does not contain confidential images you cannot expose.
- Audit the full script tail (file was truncated in the review) to confirm there are no unexpected network calls, telemetry, or external endpoints before trusting it with sensitive datasets.
- Verify temp file handling and deletion (code deletes some temp files but double-check behavior on errors) and consider running with a controlled temp-dir.
- Be aware of false positives in tampering detection; manual review of flagged regions is recommended.
If you want, I can: (1) produce a corrected requirements.txt with appropriate package names and versions, (2) scan the rest of the script if you provide the truncated portion, or (3) suggest a safe containerized run command.Like a lobster shell, security has layers — review code before you run it.
latestvk970vjv7m0fnvhwy8b1b79z3wn83jns7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.