Trust Assessment
office-cam received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 37 findings: 14 critical, 12 high, 9 medium, and 1 low severity. Key findings include: Network egress to untrusted endpoints; Arbitrary command execution; Missing required field: name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (37)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | Axios POST/PUT to URL | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-checkin.js:81 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-pro.py:98 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-pro.py:128 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-pro.py:279 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch.py:98 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch.py:128 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch.py:257 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/smart-overwatch.py:28 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/smart-overwatch.py:108 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/wyze-capture.py:39 |
| CRITICAL | Arbitrary command execution | Node.js child_process require | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-checkin.js:17 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-checkin.js:54 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-checkin.js:127 |
| CRITICAL | Arbitrary file write via path traversal in x-device-id header | The `esp32-cam-receiver.js` script constructs a filename using `req.headers['x-device-id']` without proper sanitization. An attacker can use path traversal sequences (e.g., `../../`) in the `x-device-id` header to write arbitrary files to any location on the file system where the process has write permissions. This allows for arbitrary file creation or overwriting, leading to potential system compromise or data corruption. | Sanitize the `deviceId` variable to remove path traversal characters (e.g., `../`, `/`) before using it to construct the filename. Implement strict validation, such as whitelisting allowed characters or using a regex to ensure the `deviceId` only contains alphanumeric characters and hyphens. | LLM | scripts/esp32-cam-receiver.js:25 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'detect_motion'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-pro.py:128 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'capture_frame'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-pro.py:98 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-pro.py:279 |
| HIGH | Potential data exfiltration: file read + network send | Function 'send_telegram_photo' reads files and sends data over the network. This may indicate data exfiltration. | Review this function to ensure file contents are not being sent to external servers. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-pro.py:58 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'detect_motion'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch.py:128 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'capture_frame'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch.py:98 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch.py:257 |
| HIGH | Potential data exfiltration: file read + network send | Function 'send_telegram_photo' reads files and sends data over the network. This may indicate data exfiltration. | Review this function to ensure file contents are not being sent to external servers. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch.py:58 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'capture_frame'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/skills/office-cam/scripts/smart-overwatch.py:28 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/skills/office-cam/scripts/smart-overwatch.py:108 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'capture_camera'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/skills/office-cam/scripts/wyze-capture.py:39 |
| HIGH | Shell scripts vulnerable to command injection via unsanitized arguments | Several shell scripts (`capture-any.sh`, `capture-esp32.sh`, `capture-wyze.sh`, `capture.sh`) directly use command-line arguments (`$1`, `$2`, etc.) in shell commands (e.g., `curl`, `ffmpeg`, `imagesnap`) without proper sanitization or quoting. If these scripts are invoked by other parts of the skill (e.g., `cli.js`, `analyzer.js` which are not provided) with untrusted user input passed as arguments, it could lead to arbitrary command execution on the host system. | Ensure all arguments passed to shell scripts are strictly validated and sanitized. When invoking external commands from Node.js or Python, prefer using array forms (e.g., `subprocess.run(['command', 'arg1', 'arg2'])` in Python or `spawn('command', ['arg1', 'arg2'])` in Node.js) over string forms to prevent shell injection. For shell scripts, use `printf %q` or similar methods to properly quote arguments if they must be passed as strings, or implement rigorous input validation. | LLM | scripts/capture-any.sh:10 |
| MEDIUM | Missing required field: name | The 'name' field is required for claude_code skills but is missing from frontmatter. | Add a 'name' field to the SKILL.md frontmatter. | Static | skills/snail3d/clawd/skills/office-cam/SKILL.md:1 |
| MEDIUM | Suspicious import: requests | Import of 'requests' detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-pro.py:56 |
| MEDIUM | Suspicious import: requests | Import of 'requests' detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch-pro.py:82 |
| MEDIUM | Suspicious import: requests | Import of 'requests' detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch.py:56 |
| MEDIUM | Suspicious import: requests | Import of 'requests' detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawd/skills/office-cam/scripts/overwatch.py:82 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. | Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/snail3d/clawd/skills/office-cam/scripts/morning-report.sh:5 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. | Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/snail3d/clawd/skills/office-cam/scripts/motion-detect.sh:5 |
| MEDIUM | Unpinned npm dependency version | Dependency 'axios' is not pinned to an exact version ('^1.6.0'). | Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/snail3d/clawd/skills/office-cam/package.json |
| MEDIUM | Hardcoded path to Telegram credentials file | The `overwatch-pro.py` and `overwatch.py` scripts attempt to load Telegram API credentials from a hardcoded path: `~/.clawdbot/credentials/telegram.json`. While the script uses these credentials for their intended purpose, the presence of a known, hardcoded path to a sensitive file could be exploited by an attacker if they can gain access to the system or trick the skill into reading and exfiltrating this file. This practice also makes credential management less flexible and potentially less secure than using environment variables exclusively. | Avoid hardcoding paths to credential files. Prefer using environment variables for sensitive information. If a file must be used, ensure it has strict permissions (e.g., `chmod 600`) and consider making the path configurable via an environment variable rather than hardcoding it. | LLM | scripts/overwatch-pro.py:25 |
| LOW | Node lockfile missing | package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). | Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/snail3d/clawd/skills/office-cam/package.json |
| INFO | Unpinned dependencies in package.json | The `package.json` file uses caret (`^`) ranges for dependencies (e.g., `"axios": "^1.6.0"`). This allows for automatic updates to minor and patch versions, which can introduce unexpected changes, bugs, or even vulnerabilities if a malicious update is published. While common, for security-sensitive applications, it is safer to pin dependencies to exact versions or rely on a lock file (`package-lock.json`) to ensure deterministic builds and prevent supply chain attacks. | Pin dependencies to exact versions (e.g., `"axios": "1.6.0"`) or ensure `package-lock.json` is always committed and used for builds to guarantee consistent dependency versions. Regularly audit dependencies for known vulnerabilities. | LLM | package.json:34 |
Full report: https://skillshield.io/report/662e578e4a90f496