Local Image Semantic Search
Pass. Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: tobemsk-image-search
Version: 1.0.0

The skill performs a high-risk recursive scan of all available drive letters (A-Z) to index images for semantic search. While this behavior is aligned with its stated purpose, the broad file system access and the automatic configuration of a third-party model mirror (hf-mirror.com) in 'scripts/config.py' and 'scripts/scan.py' represent significant privacy and security risks. Additionally, 'scripts/search.py' automatically writes search result logs to the user's Desktop directory.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private image locations and embeddings may be persisted in the local image_db index and reused for later searches.
By default the skill recursively scans all detected drives for images and stores derived search data locally.
SCAN_ROOTS = []  # auto-detect all drives (full-disk scan)
Before first scan, edit SCAN_ROOTS and exclusions to limit indexing to intended folders; delete image_db if you no longer want the local index.
Installation and first run depend on external package/model sources, which can affect reproducibility and supply-chain trust.
The skill relies on external Python packages and a model download; versions are not pinned to exact releases.
torch>=2.0.0
transformers>=4.30.0
faiss-cpu>=1.7.0
# Note: the first run automatically downloads the CLIP model (about 340MB)
Install in a virtual environment, use trusted package indexes, and consider pinning or reviewing dependency/model versions for sensitive machines.
If an attacker or untrusted process can replace image_db/image_list.pkl, running search or update could execute unintended code.
The search script deserializes a local pickle file from the image database; pickle can execute code if the file is maliciously modified.
with open(IMAGE_LIST_FILE, 'rb') as f:
    images = pickle.load(f)
Do not share or accept image_db pickle files from others; keep the skill directory writable only by trusted users, or replace pickle storage with a safer format such as JSON.
