by 安全扫描
OpenClaw
安全
high confidenceThe skill's files and runtime instructions match its stated purpose (photo analysis + EXIF extraction); it performs local EXIF parsing and visual-analysis guidance and does not request unrelated credentials or network endpoints, though it asks to install a standard Python dependency and can expose EXIF/GPS metadata from user images.
评估建议
This skill is coherent for photo analysis: it includes a small EXIF extractor and local reference material and does not ask for unrelated credentials. Before installing or running it, consider: (1) Install dependencies in an isolated environment (virtualenv/container) because pip install will download packages from PyPI and modify your environment. (2) Photos often contain EXIF/GPS data — strip or review EXIF if you don't want to share location. (3) The extract_exif.py is short and readable; you...详细分析 ▾
✓ 用途与能力
Name/description, included references, and the single helper script (scripts/extract_exif.py) align with a photography guidance skill. Required artifacts (Pillow via requirements.txt and an EXIF extraction script) are reasonable and proportional to the stated functionality.
ℹ 指令范围
SKILL.md limits operations to: check/install Pillow, run the local extract_exif.py on a user-provided image, and produce a structured report using internal reference docs. This stays within scope, but the instructions explicitly instruct pip install -r requirements.txt (which will contact PyPI) and to run Python on user-supplied files — both of which are normal for this skill but worth noting (installation will modify the agent environment and images may contain sensitive EXIF/GPS metadata).
ℹ 安装机制
There is no formal install spec in the registry (instruction-only), but SKILL.md instructs using pip install -r requirements.txt. The requirements list a single well-known package (Pillow) from PyPI — a standard, traceable source. Risk is moderate only because pip will download and install packages into the execution environment.
ℹ 凭证需求
The skill requests no environment variables or credentials (proportional). One privacy-related point: the EXIF extractor will surface GPS/location fields if present, which could leak sensitive location metadata from photos; the SKILL.md notes local processing, but users should be aware of EXIF contents before uploading.
✓ 持久化与权限
The skill is not always-enabled, does not request elevated privileges, does not modify other skills, and contains no install-time hooks that persistently alter agent configuration. It runs only when triggered and per the included instructions.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/4/12
photo-guide-skill v0.1.0 changelog - Initial release: Provides comprehensive photo analysis and guidance for users seeking to replicate effects, understand parameters, and optimize/post-process photos. - Supports EXIF extraction (via Python script) for more accurate camera parameter reporting. - Offers step-by-step workflow: dependency check, EXIF extraction, multi-dimensional visual analysis, style template matching, and structured report generation. - Includes practical shooting tips, post-processing recommendations, lighting and props suggestions, and beginner-friendly learning keywords. - Addresses boundary cases such as lack of EXIF data, low image quality, and mobile phone shooting. All analysis is processed locally for privacy.
● 可疑
安装命令
点击复制官方npx clawhub@latest install photo-guide-skill
镜像加速npx clawhub@latest install photo-guide-skill --registry https://cn.longxiaskill.com