ClawHub
Back to skill
v1.0.0

Camsnap 1.0.0

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:15 AM.

Analysis

The skill’s instructions match its camera-capture purpose, but users should notice that it installs an external binary, uses camera credentials, and documents an optional motion action hook.

GuidanceThis appears to be a straightforward camera snapshot/clip skill. Before installing, make sure you trust the camsnap Homebrew source, use limited camera credentials, and review any motion-watch action before letting the agent run it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
install spec
brew | formula: steipete/tap/camsnap | creates binaries: camsnap

The skill relies on installing an external binary from a Homebrew tap; this is expected for a CLI-based camera tool, but users should trust that source before installing.

User impactInstalling the skill may add a third-party executable that can interact with your cameras.
RecommendationInstall only if you trust the Homebrew tap and the camsnap project, and keep the binary updated from a source you recognize.
Tool Misuse and Exploitation
SeverityLowConfidenceMediumStatusNote
SKILL.md
Motion watch: `camsnap watch kitchen --threshold 0.2 --action '...'`

The documented motion-watch command includes an open-ended action parameter, which could automate follow-up behavior if the user supplies an action.

User impactA motion watch action could cause repeated or unintended local actions if configured carelessly.
RecommendationOnly run watch/action commands with explicit user approval and a clearly reviewed action.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
Add camera: `camsnap add --name kitchen --host 192.168.0.10 --user user --pass pass`

The setup example uses camera usernames and passwords; this is purpose-aligned for RTSP/ONVIF access, but it grants access to private camera streams.

User impactCamera credentials may allow viewing or recording private camera feeds.
RecommendationUse least-privileged camera accounts where possible and avoid sharing or reusing camera passwords.