Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

yandex-image-search

v1.0.0

Reverse image search (find image source, visually similar images). Use when user provides an image and wants to find its origin, similar images, or verify au...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for johnsonsleo/yandex-image-search.

Install the skill "yandex-image-search" (johnsonsleo/yandex-image-search) from ClawHub.
Skill page: https://clawhub.ai/johnsonsleo/yandex-image-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install yandex-image-search

ClawHub CLI

npx clawhub@latest install yandex-image-search

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The SKILL.md and scripts implement reverse image search (Yandex/Google/Bing) and only require reading an image and making web requests — this matches the description. However metadata is inconsistent: the top-level name is 'yandex-image-search' while _meta.json and SKILL.md use 'reverse-image-search'; owner IDs/slug differ and there's no homepage. These inconsistencies reduce provenance confidence.
Instruction Scope
Instructions are explicit: create a local venv and pip install PicImageSearch, then run scripts/search.py against a URL or local file. The script reads local files, makes network requests to search engines, and writes diagnostic HTML files to /tmp; all of those actions are coherent with reverse-image-search but mean the skill will access local files and the network and will leave files in /tmp.
Install Mechanism
There is no packaged install spec, but SKILL.md directs pip installing PicImageSearch and typing_extensions into a venv at runtime. That requires fetching and executing third‑party code from PyPI (network dependency and supply-chain risk). This is expected for the task but worth reviewing the PicImageSearch package before installing.
Credentials
The skill declares no environment variables, credentials, or config paths. The script does not read undeclared secrets; it only reads provided image files and network responses. Requested access appears proportionate to purpose.
Persistence & Privilege
always is false and the skill doesn't request elevated privileges. It will write debug HTML files to /tmp and create a venv under the skill directory; these are local effects and within expected scope.
What to consider before installing
This skill appears to implement what it claims, but review a few things before installing:

  1. provenance: metadata and names disagree (yandex-image-search vs reverse-image-search) and no homepage is provided — prefer skills with clear source repos.
  2. supply-chain: SKILL.md instructs pip install PicImageSearch — inspect the PicImageSearch PyPI project and its version history to ensure you trust it.
  3. runtime behavior: the script will access local files you point it to, make network requests to search engines, and write HTML diagnostics into /tmp; run it in an isolated environment if you’re concerned.
  4. operational: the code scrapes search engines and may hit CAPTCHAs or changing HTML; expect occasional failures.

If you want higher assurance, ask the author for the canonical source repo (matching metadata), or request a fixed wheel/hash for the PicImageSearch dependency.

Like a lobster shell, security has layers — review code before you run it.

latest vk9700chbys5r23779kfzdpn8p983kp3w
132 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

Reverse Image Search

Find the source, similar images, or context for any image using reverse image search engines.

Setup

On first use, create a Python venv and install the dependency:

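# dirname of the bare name "SKILL.md" is ".", so run these from the skill's root directory.
SKILL_DIR="$(dirname "SKILL.md")"
# Create the venv under scripts/ and install the dependencies from PyPI.
python3 -m venv "$SKILL_DIR/scripts/.venv"
"$SKILL_DIR/scripts/.venv/bin/pip" install -q PicImageSearch typing_extensions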

typing_extensions is included here because the current PicImageSearch import path needs it on this machine's Python 3.14 runtime.
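
The scan's suggestion to fix a wheel/hash for PicImageSearch can be applied to this setup step. The following is an added example, not part of the skill or of ClawHub: it downloads wheels without installing them, records their SHA-256 hashes, and installs only from that reviewed set. The wheelhouse and pin-file paths are assumptions, and `sha256sum` (GNU coreutils) is assumed to be available.

```bash
# Added example: review-then-install flow for the skill's PyPI dependencies.
# The wheelhouse and pin-file paths passed in are assumptions.
set -e

# Fetch wheels only; refusing sdists means no package build code runs here.
fetch_wheels() {  # fetch_wheels <wheelhouse>   (needs network)
  python3 -m pip download -q --only-binary=:all: -d "$1" \
    PicImageSearch typing_extensions
}

# Emit one "name==version --hash=sha256:<digest>" line per wheel.
# Wheel files are named <name>-<version>-<python>-<abi>-<platform>.whl.
pin_wheelhouse() {  # pin_wheelhouse <wheelhouse>
  local whl base name version digest
  for whl in "$1"/*.whl; do
    [ -f "$whl" ] || continue          # unmatched glob or non-file: skip
    base=$(basename "$whl")
    name=${base%%-*}
    version=${base#*-}
    version=${version%%-*}
    digest=$(sha256sum "$whl" | cut -d' ' -f1)
    printf '%s==%s --hash=sha256:%s\n' "$name" "$version" "$digest"
  done
}

# Install into the skill's venv from the reviewed wheels only: no index
# lookups, and pip rejects any file whose hash is not in the pin file.
install_pinned() {  # install_pinned <skill_dir> <wheelhouse> <pin_file>
  python3 -m venv "$1/scripts/.venv"
  "$1/scripts/.venv/bin/pip" install -q --no-index --find-links "$2" \
    --require-hashes -r "$3"
}

# Typical sequence, run from the skill directory:
#   fetch_wheels ./wheelhouse
#   pin_wheelhouse ./wheelhouse > requirements.lock   # review, then keep
#   install_pinned . ./wheelhouse requirements.lock
```

Because the pin file lists every wheel in the directory, transitive dependencies are pinned as well; a dependency that ships no wheel makes `fetch_wheels` fail rather than fall back to building from source.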

Usage

# As in Setup, SKILL_DIR resolves to ".", so run this from the skill's root directory.
SKILL_DIR="$(dirname "SKILL.md")"
"$SKILL_DIR/scripts/.venv/bin/python3" "$SKILL_DIR/scripts/search.py" "<image_url_or_path>" [engine] [limit]

  • image_url_or_path: HTTP(S) URL or local file path
  • engine: yandex (default, most reliable), google (Google Lens path), bing, or all
  • limit: Max results per engine (default: 10)

Output is JSON with matched results including title, URL, thumbnail, and similarity when available.

If every selected engine fails due to upstream scraper breakage or anti-bot responses, the script exits non-zero so the caller can retry or fall back instead of treating the run as a clean success.

For Yandex hard failures, the error object includes attempt_log and diagnostics (including debug_html_path files in /tmp) so you can inspect exactly what response variant was received.

Engine Selection

  • yandex — Best overall: most stable, good at finding exact matches and similar images
  • google — Uses Google Lens via PicImageSearch; useful as a secondary source
  • bing — Useful as supplementary source
  • all — Run yandex first, then fall back to Google Lens and Bing only if Yandex is insufficient

Typical Workflow

  1. User provides image (URL or file attachment)
  2. Run search with yandex first
  3. Only if yandex is insufficient, retry with all
  4. Summarize findings: source, context, similar images

Do not start with all unless the user explicitly asks for all engines at once.
