Local Image Search
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may enumerate photos across a broad local folder if the user does not provide a narrower directory.
The list-all helper defaults to searching the user's home directory for image files. This is consistent with local image search, but it may expose many private photo paths to the agent unless scoped by the user.
DIR="${1:-$HOME}" ... mdfind -onlyin "$DIR" "kMDItemContentTypeTree == 'public.image'" ... find "$DIR" -type fSpecify an exact folder such as ~/Pictures/TripName when searching, and review results before using them in follow-up actions.
Selected images could be copied into another local folder, including a synced folder, if the destination is chosen carelessly.
The copy helper copies every existing file path received on stdin into a user-supplied destination. This is an expected utility for search results, but it can duplicate local files if used with an overly broad or unintended input list.
mkdir -p "$DEST" ... cp "$file" "$DEST/"
Only pipe reviewed search results into the copy helper and choose a destination folder intentionally.
Some documented commands may fail or could tempt a user to download replacement scripts from an untrusted source.
The documentation lists helper scripts that are not present in the provided file manifest. This appears to be a documentation/package completeness issue rather than malicious behavior, but users should avoid substituting unreviewed scripts.
`scripts/search_by_size.sh` ... `scripts/search_similar.sh` ... `scripts/thumbnail.sh`
Use only the included scripts unless additional helpers are obtained from a trusted, reviewed source.