Trust Assessment
camsnap received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution via '--action' argument, Potential command injection through unescaped arguments, Handling of sensitive credentials.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution via '--action' argument The `camsnap watch` command explicitly supports an `--action` argument, which executes an arbitrary shell command when motion is detected. If the LLM constructs this command with untrusted input for the `--action` value, it can lead to arbitrary command execution on the host system, granting excessive permissions to the skill's execution environment. The LLM should never construct the `--action` argument from untrusted user input. If user-defined actions are required, they must be strictly whitelisted or executed within a highly sandboxed environment. Consider if this functionality is truly necessary for an AI agent skill; if not, it should be disabled or removed. | LLM | SKILL.md:18 | |
| HIGH | Potential command injection through unescaped arguments The `camsnap` tool is a command-line interface that takes various arguments (e.g., `--name`, `--host`, `--user`, `--pass`, `--out`). If the LLM constructs `camsnap` commands using untrusted user input for these arguments without proper shell escaping, an attacker could inject malicious commands. For example, `--name "mycam; rm -rf /"` could lead to arbitrary command execution. The LLM must ensure all arguments derived from untrusted input are properly shell-escaped before being passed to `camsnap` or any external binary. Implement strict input validation and sanitization for all user-provided arguments. | LLM | SKILL.md:10 | |
| HIGH | Handling of sensitive credentials The `camsnap add` command requires `--user` and `--pass` arguments for camera authentication. If the LLM is prompted to use this command with user-provided credentials, it will handle and potentially store these sensitive details. This poses a risk if the LLM's interaction or the `camsnap` tool's storage mechanism is compromised, or if the LLM is tricked into exposing these credentials. The LLM should be designed to handle credentials with extreme care, avoiding logging or exposing them. Users should be warned about providing sensitive information. Consider using secure credential management systems (e.g., environment variables, secret stores) instead of passing credentials directly as command-line arguments, especially if they are stored in plain text. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/cc80abb15650977b)
Powered by SkillShield