image-collect

by bondli · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 154 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install image-collect
Description
This skill extracts knowledge from an image and saves it locally.
README (SKILL.md)

Image Collect Skill

This skill extracts knowledge from an image and saves it locally.

When to use

Use this skill when:

  • User sends an image
  • User asks to save image as knowledge
  • Image needs OCR or content understanding

What it does

  1. Download image
  2. Extract text and meaning
  3. Generate summary
  4. Save image locally
  5. Append knowledge to JSON database

Command

Run:

node dist/index.js "<image_url>"

Example:

node dist/index.js "https://example.com/image.png"
node dist/index.js "data:image/png;base64,xxxx"
node dist/index.js "/tmp/image.png"

Output

Returns extracted knowledge including:

  • summary
  • keywords
  • text
  • saved image path
Usage Guidance
This skill's behavior appears coherent with its description, but take precautions before installing or running it:

  • Installation: The package.json lists dependencies (axios, sharp, tesseract.js) but no install steps are provided. Ask the author for an install spec or be prepared to run npm/pnpm install in a safe environment. Sharp is a native module and often requires build tools or prebuilt binaries.
  • Files written: The skill will create ~/openclaw-skill-data/image-knowledge-assets/ and ~/openclaw-skill-data/image-knowledge.json (or a literal '~/openclaw-skill-data' if HOME is unset). If you run it, expect persistent files in your home directory; run in a sandbox or change the code/path if you prefer.
  • Remote downloads: The skill will fetch any URL you pass. Do not provide untrusted or internal-network URLs (it could fetch internal endpoints if you or an agent supplies such URLs). If an agent can call it autonomously, ensure it only runs on user-supplied images.
  • Tesseract language data and runtime: The code calls tesseract.js; make sure required language models (e.g., chi_sim) are available or that tesseract.js is configured correctly.
  • Recommendation: Request or supply a proper install spec (or containerized packaging), test in an isolated environment, and verify where files are written before granting it regular use.
Capability Analysis
Type: OpenClaw Skill
Name: image-collect
Version: 1.0.0

The skill is classified as suspicious due to a significant local file read vulnerability in `dist/index.js`. The `saveImage` function uses `fs.copyFileSync` on the user-provided input path without any validation or sandboxing, allowing the agent (or a prompt injection attack) to copy sensitive files (e.g., SSH keys, credentials) from the host into the skill's data directory. Additionally, the use of `axios` to fetch remote images without URL filtering introduces a Server-Side Request Forgery (SSRF) risk.
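An input gate covering both findings above and the remote-download caution under Usage Guidance, as an added example that is not code from image-collect or its author. The function names, the allowed directory `/tmp/image-inbox` and the blocked address ranges are assumptions made here; the host check covers literal addresses only, and the path check is lexical, so a DNS name still needs its resolved address checked and a local path needs a realpath check before copying.

```javascript
const path = require('node:path');
const net = require('node:net');

// Assumed allow-list root: the only directory local images may be read from.
const ALLOWED_DIR = '/tmp/image-inbox';

// Loopback, RFC 1918, link-local (cloud metadata lives here) and 0.0.0.0/8.
function isInternalIPv4(ip) {
  const [a, b] = ip.split('.').map(Number);
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

function isInternalHost(hostname) {
  const h = hostname.replace(/^\[|\]$/g, '').toLowerCase(); // URL keeps IPv6 brackets
  if (h === 'localhost' || h.endsWith('.localhost')) return true;
  if (net.isIPv4(h)) return isInternalIPv4(h);
  if (net.isIPv6(h)) {
    // Loopback, unspecified, fc00::/7, fe80::/10, and any IPv4-mapped form.
    return h === '::1' || h === '::' || h.startsWith('::ffff:') ||
      /^(f[cd][0-9a-f]{2}|fe[89ab][0-9a-f]):/.test(h);
  }
  return false; // a DNS name: re-check the resolved address before connecting
}

// Decide whether the skill's single argument is safe to hand to the
// download (axios) or copy (fs.copyFileSync) step.
function checkInput(input, allowedDir = ALLOWED_DIR) {
  if (/^data:image\/[a-z0-9.+-]+;base64,/i.test(input)) return { ok: true, kind: 'data' };
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(input)) {
    let url;
    try { url = new URL(input); } catch { return { ok: false, reason: 'bad-url' }; }
    if (!['http:', 'https:'].includes(url.protocol)) return { ok: false, reason: 'scheme' };
    // new URL() has already normalised forms such as 127.1 to 127.0.0.1.
    if (isInternalHost(url.hostname)) return { ok: false, reason: 'internal-host' };
    return { ok: true, kind: 'url' };
  }
  // Local path: resolve it, then require it to sit under the allowed root.
  const root = path.resolve(allowedDir);
  const full = path.resolve(root, input);
  if (!full.startsWith(root + path.sep)) return { ok: false, reason: 'outside-allowed-dir' };
  return { ok: true, kind: 'file', path: full }; // realpath before copying to catch symlinks
}
```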
Capability Assessment
Purpose & Capability
Name/description (extract knowledge from images and save locally) align with the included code and README. Dependencies (axios, sharp, tesseract.js) are appropriate for downloading, preprocessing, and OCR.
Instruction Scope
SKILL.md directs running node dist/index.js with a URL/Base64/local path. The runtime code implements only the declared behaviors: download/accept image, preprocess, OCR, generate summary/keywords, and append a JSON record. It reads process.env.HOME to determine storage location and writes image and JSON files — consistent with 'save locally'.
Install Mechanism
There is no install spec despite package.json and code importing third-party modules (axios, sharp, tesseract.js). Sharp is a native module that typically requires compilation/binaries; tesseract.js may need language data. Without an install step the provided dist/index.js will likely fail in most runtimes. This is an incoherence between delivered files and expected runtime environment.
Credentials
The skill requests no secrets or extra environment variables. It only references HOME to place files, which is proportionate to its purpose. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill writes persistent data to a directory under the user's home (~/openclaw-skill-data/). That is consistent with its purpose (saving images and a JSON DB). It does not attempt to modify other skills or global agent settings. always:false (no forced inclusion).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install image-collect
  3. After installation, invoke the skill by name or use /image-collect
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of image-collect skill.

  • Extracts knowledge from images using OCR and content analysis.
  • Saves the original image locally.
  • Generates a summary, keywords, and extracted text from the image.
  • Appends the extracted knowledge to a JSON database for future reference.
  • Supports various image sources: URLs, base64 strings, and local file paths.
Metadata
Slug image-collect
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is image-collect?

This skill extracts knowledge from an image and saves it locally. It is an AI Agent Skill for Claude Code / OpenClaw, with 154 downloads so far.

How do I install image-collect?

Run "/install image-collect" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is image-collect free?

Yes, image-collect is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does image-collect support?

image-collect is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created image-collect?

It is built and maintained by bondli (@bondli); the current version is v1.0.0.
