Trust Assessment
office-cam received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 38 findings: 13 critical, 12 high, 12 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Arbitrary command execution, Missing required field: name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100: all 13 critical findings (the outbound Axios call and the Python and Node.js shell-execution sites) were raised by that layer. Note that the nine Python shell-execution sites the Manifest layer rates critical are the same nine subprocess.run() call sites the Static layer reports as high, so the 38 findings cover fewer distinct locations than the raw count suggests.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (38)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: Axios POST/PUT to URL. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-checkin.js:81 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-pro.py:98 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-pro.py:128 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-pro.py:279 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch.py:98 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch.py:128 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch.py:257 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/smart-overwatch.py:28 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/smart-overwatch.py:108 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/wyze-capture.py:39 |
| CRITICAL | Arbitrary command execution: Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-checkin.js:17 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-checkin.js:54 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-checkin.js:127 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'detect_motion'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-pro.py:128 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'capture_frame'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-pro.py:98 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-pro.py:279 |
| HIGH | Potential data exfiltration: file read + network send. Function 'send_telegram_photo' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-pro.py:58 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'detect_motion'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch.py:128 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'capture_frame'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch.py:98 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch.py:257 |
| HIGH | Potential data exfiltration: file read + network send. Function 'send_telegram_photo' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch.py:58 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'capture_frame'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/smart-overwatch.py:28 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/smart-overwatch.py:108 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'capture_camera'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/wyze-capture.py:39 |
| HIGH | Arbitrary File Write via Path Traversal. The `esp32-cam-receiver.js` script constructs a filename using the `x-device-id` HTTP header and then writes the request body to this file. An attacker can use path traversal sequences (e.g., `../../`) in the `x-device-id` header to write arbitrary content to any location on the filesystem, potentially overwriting critical files or placing malicious executables. Remediation: sanitize or validate the `deviceId` (from the `x-device-id` header) to ensure it does not contain path traversal characters (e.g., `../`, `..\`). A whitelist of allowed characters or a strict validation regex should be applied before using `deviceId` in file path construction. Alternatively, generate a UUID for `deviceId` instead of relying on client-provided input. | LLM | scripts/esp32-cam-receiver.js:23 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/snail3d/clawforgod/skills/office-cam/SKILL.md:1 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-pro.py:56 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch-pro.py:82 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch.py:56 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/overwatch.py:82 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/morning-report.sh:5 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/snail3d/clawforgod/skills/office-cam/scripts/motion-detect.sh:5 |
| MEDIUM | Unpinned npm dependency version. Dependency 'axios' is not pinned to an exact version ('^1.6.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/snail3d/clawforgod/skills/office-cam/package.json |
| MEDIUM | Command Argument Injection in Shell Scripts. Multiple shell scripts (`capture-any.sh`, `capture-esp32.sh`, `capture-wyze.sh`, `capture.sh`) take user-controlled input (command-line arguments or environment variables) and pass them directly as arguments to external commands like `curl`, `ffmpeg`, and `imagesnap`. While variables are double-quoted, an attacker could inject malicious arguments (e.g., `--data 'sensitive_info'` for `curl`, or `-map_metadata` for `ffmpeg`) to alter command behavior, exfiltrate data, or cause denial of service. For example, in `capture-esp32.sh`, if `$1` (OUTPUT) is `--data 'sensitive_data' -o /dev/null`, it could exfiltrate data via `curl`. Remediation: implement strict validation and sanitization for all user-provided inputs before passing them to external commands. For file paths, ensure they are canonicalized and do not escape the intended directory. For URLs, validate the scheme and host. Consider using a safer method for executing external commands that explicitly separates arguments, or use libraries that handle argument escaping securely. | LLM | scripts/capture-esp32.sh:12 |
| MEDIUM | Command Argument Injection in Shell Scripts. The `capture-wyze.sh` script takes user-controlled input (`$RTSP_URL` from `$2` or the `WYZE_RTSP_URL` environment variable) and passes it directly as an argument to `ffmpeg`. An attacker could inject malicious `ffmpeg` arguments (e.g., `-i 'rtsp://evil.com' -map_metadata 0:s:0 -codec copy /tmp/exfil.mp3`) to potentially exfiltrate data or cause other unintended side effects. Remediation: implement strict validation and sanitization for all user-provided inputs before passing them to external commands. For URLs, validate the scheme and host. Consider using a safer method for executing external commands that explicitly separates arguments, or use libraries that handle argument escaping securely. | LLM | scripts/capture-wyze.sh:10 |
| MEDIUM | Command Argument Injection in Shell Scripts. The `capture.sh` script takes user-controlled input (`$DEVICE` from the `WEBCAM_DEVICE` environment variable and `$OUTPUT` from `$1`) and passes them directly as arguments to `imagesnap` and `ffmpeg`. An attacker could inject malicious arguments to alter command behavior or cause unintended side effects. Remediation: implement strict validation and sanitization for all user-provided inputs before passing them to external commands. For device names and file paths, ensure they are canonicalized and do not escape the intended directory. Consider using a safer method for executing external commands that explicitly separates arguments, or use libraries that handle argument escaping securely. | LLM | scripts/capture.sh:10 |
| MEDIUM | Credential Harvesting from User Home Directory. The `overwatch-pro.py` and `overwatch.py` scripts attempt to load Telegram API credentials (token and chat ID) from a JSON file (`~/.clawdbot/credentials/telegram.json`) in the user's home directory if environment variables are not set. Accessing arbitrary files in the user's home directory, especially for credentials, without explicit and granular permission from the host LLM or user, poses a credential harvesting risk. This could expose sensitive API keys if the skill is compromised or deployed in an insecure environment. Remediation: avoid directly reading sensitive files from the user's home directory. Instead, rely solely on securely provided environment variables or a dedicated, sandboxed secrets management mechanism provided by the host LLM. If file-based credentials are absolutely necessary, ensure the path is explicitly configured by the user and restrict access to only that specific file. | LLM | scripts/overwatch-pro.py:26 |
| LOW | Node lockfile missing. package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/snail3d/clawforgod/skills/office-cam/package.json |
Full report: https://skillshield.io/report/1c911cd3394e35d9 (powered by SkillShield)