Skills

open-images-for-free-use

Installation
SKILL.md

Open-License Images

This is the one-stop way to source an image for any use case — UI hero, blog post, presentation, document, marketing asset — without ever wondering whether it's safe to use. It draws from a curated repository of pre-vetted images and checks each one's license against bundled, machine-readable license terms. By the time the skill hands back a URL, the licensing question is already answered.

There are two stages: pick an image and verify its license. Both are required — even though the source is curated, the license check is the contractual ground truth, and it's what makes this skill safe to trust.

Why this is safe to install (for reviewers):

  • No third-party free text reaches the agent at runtime. The catalog (./index.json) is shipped inside the skill and reviewed like any other bundled file. The only thing fetched at runtime is the selected image's bytes, and the only value extracted from them is a license identifier that is immediately allow-listed against a fixed set of eight known IDs — it cannot carry arbitrary text into context, and it can never name a path. Raw image bytes / strings output are never printed.
  • Fetches are pinned to an immutable commit SHA (e40900d), not a moving branch. The bytes at a given SHA cannot change, so what was reviewed is what ships — a moving main is exactly the "external content changes under you" risk that pinning removes.
  • The license verdict is grounded, not assumed. It comes from the image's own embedded metadata (the source's TOS makes that the authoritative declaration), resolved to a license file shipped inside this skill. The images at the pinned revision were individually license-reviewed by the author.
  • Release-time invariant: when you bump the pinned SHA to add images, re-ship the matching ./index.json from that SHA and re-review both the new licenses and the new catalog entries — the "pre-vetted" guarantee is only honest for a SHA whose contents you have actually checked.

Pick an image

The catalog is shipped with this skill as ./index.json — it is not fetched at runtime. It is a JSON array; each entry has a name (the image filename) and a keywords array describing the image. Because it travels inside the skill, it is reviewed content, just like the license files — no outsider-authored free text enters the agent's context at runtime.

The catalog is treated as a suggestion only: it tells the skill which image to fetch, but the license verdict comes from the image file itself, and that verdict is allow-listed (see below) before it can affect anything. So no value the catalog supplies is ever used as a path or trusted blindly.

Read the local catalog directly — do not pre-filter with a keyword query. Look at the full list, then pick the entry whose name and keywords most closely match the user's intent (consider what the image will be used for — hero banner, blog header, illustration, portrait — not just the literal subject). Use judgment, not substring matching.

Installs
551
Repository
peter-duffy95/o…se-skill
First Seen
Today
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
open-images-for-free-use — peter-duffy95/open-images-for-free-use-skill