Local Image Search
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward local photo-search skill, but it can enumerate and copy images from broad local folders, so users should keep searches scoped.
This skill looks safe for local image search. Before installing, be aware that it can list photos and photo metadata from broad folders such as your home directory, including GPS-tagged images. Give it specific directories when possible, review results before copying them, and do not download missing helper scripts from untrusted sources.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may enumerate photos across a broad local folder if the user does not provide a narrower directory.
The list-all helper defaults to searching the user's home directory for image files. This is consistent with local image search, but it may expose many private photo paths to the agent unless scoped by the user.
DIR="${1:-$HOME}" ... mdfind -onlyin "$DIR" "kMDItemContentTypeTree == 'public.image'" ... find "$DIR" -type fSpecify an exact folder such as ~/Pictures/TripName when searching, and review results before using them in follow-up actions.
Selected images could be copied into another local folder, including a synced folder, if the destination is chosen carelessly.
The copy helper copies every existing file path received on stdin into a user-supplied destination. This is an expected utility for search results, but it can duplicate local files if used with an overly broad or unintended input list.
mkdir -p "$DEST" ... cp "$file" "$DEST/"
Only pipe reviewed search results into the copy helper and choose a destination folder intentionally.
Some documented commands may fail or could tempt a user to download replacement scripts from an untrusted source.
The documentation lists helper scripts that are not present in the provided file manifest. This appears to be a documentation/package completeness issue rather than malicious behavior, but users should avoid substituting unreviewed scripts.
`scripts/search_by_size.sh` ... `scripts/search_similar.sh` ... `scripts/thumbnail.sh`
Use only the included scripts unless additional helpers are obtained from a trusted, reviewed source.