本地图片语义搜索
PassAudited by ClawScan on May 10, 2026.
Overview
This skill does what it claims—local AI image search—but users should understand it can scan and persist an index of many local photos.
Install only if you are comfortable with a local index of your photos being created. Restrict SCAN_ROOTS before first use if you do not want all drives scanned, run it in a virtual environment, and keep the generated image_db files private.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private image locations and embeddings may be persisted in the local image_db index and reused for later searches.
By default the skill recursively scans all detected drives for images and stores derived search data locally.
SCAN_ROOTS = [] # 自动检测所有盘(全盘扫描)
Before first scan, edit SCAN_ROOTS and exclusions to limit indexing to intended folders; delete image_db if you no longer want the local index.
Installation and first run depend on external package/model sources, which can affect reproducibility and supply-chain trust.
The skill relies on external Python packages and a model download; versions are not pinned to exact releases.
torch>=2.0.0 transformers>=4.30.0 faiss-cpu>=1.7.0 # 注意:首次运行会自动下载CLIP模型(约340MB)
Install in a virtual environment, use trusted package indexes, and consider pinning or reviewing dependency/model versions for sensitive machines.
If an attacker or untrusted process can replace image_db/image_list.pkl, running search or update could execute unintended code.
The search script deserializes a local pickle file from the image database; pickle can execute code if the file is maliciously modified.
with open(IMAGE_LIST_FILE, 'rb') as f:
images = pickle.load(f)Do not share or accept image_db pickle files from others; keep the skill directory writable only by trusted users, or replace pickle storage with a safer format such as JSON.