Trust Assessment
office-cam received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 2 critical, 7 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Sensitive path access: AI agent config.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawcamera/skills/office-cam/scripts/wyze-capture.py:39 | |
| CRITICAL | Command Injection via RTSP URL in ffmpeg call The `scripts/wyze-capture.py` script constructs an `ffmpeg` command using an RTSP URL (`rtsp_url`) retrieved from environment variables (e.g., `WYZE_SHED_URL`). This `rtsp_url` is passed directly as an argument to `subprocess.run` without proper sanitization. An attacker who can control the content of these environment variables could inject arbitrary `ffmpeg` command-line arguments, potentially leading to arbitrary command execution on the host system. `ffmpeg` is known to support various filters and options that can execute external commands. Sanitize the `rtsp_url` before passing it to `ffmpeg`, or use a more robust method for handling sensitive parameters that doesn't involve direct command-line injection. Consider using `ffmpeg`'s programmatic API if available or strictly validating the URL format. | LLM | scripts/wyze-capture.py:30 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'capture_camera'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawcamera/skills/office-cam/scripts/wyze-capture.py:39 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/snail3d/clawcamera/skills/office-cam/SKILL.md:45 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/snail3d/clawcamera/skills/office-cam/SKILL.md:66 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/snail3d/clawcamera/skills/office-cam/SKILL.md:80 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/snail3d/clawcamera/skills/office-cam/SKILL.md:138 | |
| HIGH | Path Traversal in output file naming The `scripts/wyze-capture.py` script uses `sys.argv[1]` (the camera name) directly in the construction of the `output_file` path (`f"{name}_{timestamp}.jpg"`). If an attacker provides a camera name containing path traversal sequences (e.g., `../../`), they could cause the script to write image files to arbitrary locations on the filesystem, potentially overwriting sensitive files or filling up critical directories. Sanitize the `camera_name` input from `sys.argv[1]` to remove or escape any path traversal characters (e.g., `/`, `..`). A simple approach is to ensure the `name` only contains alphanumeric characters and underscores. | LLM | scripts/wyze-capture.py:25 | |
| HIGH | Plaintext Credentials in Environment Variables and Command Line The `scripts/wyze-capture.py` script expects Wyze camera RTSP URLs, which include plaintext username and password (e.g., `rtsp://user:pass@ip/live`), to be stored in environment variables. These URLs are then passed directly as command-line arguments to the `ffmpeg` subprocess. This practice exposes sensitive credentials in several ways: 1) Environment variables are accessible by other processes on the same system. 2) Command-line arguments can be inspected by other users/processes (e.g., via `ps aux` or `/proc/cmdline`). 3) If a command injection vulnerability (like the one identified in Finding 1) is exploited, the attacker could easily exfiltrate these credentials. This significantly increases the risk of credential compromise. Avoid storing sensitive credentials directly in environment variables or passing them as plaintext command-line arguments. Consider using a secure secrets management system (e.g., a dedicated secrets store, OS-level keyring, or a configuration file with restricted permissions) and pass credentials to `ffmpeg` via stdin or a temporary file if `ffmpeg` supports it, or use a library that abstracts this securely. If environment variables are unavoidable, ensure they are only accessible by the executing user and process, and consider encrypting them at rest. | LLM | scripts/wyze-capture.py:13 |
Scan History
Embed Code
[](https://skillshield.io/report/f37249edf8ad7c9d)
Powered by SkillShield