kami-suspicious-person
Pass
Audited by ClawScan on May 13, 2026.
Overview
The skill is a clearly disclosed face-recognition surveillance tool, but it handles sensitive camera and biometric data and should be used only with careful consent, scoping, and retention controls.
Install only if you intentionally want continuous face-recognition monitoring. Confirm the camera source, runtime, face database, alert threshold, output directory, and Feishu webhook before running. Protect face images, embeddings, snapshots, logs, and camera URLs as sensitive data, and make sure surveillance use complies with consent and local rules.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or silently changed dependency or model source could alter the code and models the local surveillance process runs.
The setup script installs dependencies and downloads model files from a remote release; the dependency versions in requirements.txt are unpinned and the model download is not checksum-verified.
"$VENV_DIR/bin/pip" install -q -r "$SKILL_DIR/requirements.txt" ... BUFFALO_URL="https://github.com/deepinsight/insightface/releases/download/v0.7/buffalo_l.zip"
Pin dependency versions, verify downloaded model checksums, and run setup only from a trusted copy of the skill.
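As an added example that is not code from the skill or from ClawScan, the following shows what the hardened setup step looks like: the model archive is downloaded to a temporary file and only moved into place after its SHA-256 matches a pinned digest, and requirements.txt is checked for lines that are not pinned with `==`. The helper names are assumptions, the demo uses a constructed in-memory "download" instead of the real release, and the real digest of buffalo_l.zip is not given here; it must be recorded from a trusted copy.

```python
"""Added example, not code from the skill or from ClawScan: verify the model
archive against a pinned SHA-256 digest before it is used and reject
requirements that are not version-pinned. Helper names are assumptions, and
the digest of buffalo_l.zip is deliberately not given; record it from a
trusted copy of the release and pin it next to BUFFALO_URL."""
import hashlib
import hmac
import io
import os
import re
import tempfile
import urllib.request


def sha256_bytes(data):
    """Hex SHA-256 of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large model archive is not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_sha256(path, expected_hex):
    """True if the file's digest equals expected_hex; constant-time, case-insensitive compare."""
    return hmac.compare_digest(sha256_file(path), expected_hex.strip().lower())


def fetch_verified(url, dest, expected_hex, opener=urllib.request.urlopen):
    """Download to a temp file beside dest and move it into place only after the
    digest matches, so a tampered or truncated archive never lands in the model dir."""
    if not url.startswith("https://"):
        raise ValueError("refusing non-HTTPS download URL")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".", suffix=".part")
    try:
        with os.fdopen(fd, "wb") as out, opener(url) as resp:
            for chunk in iter(lambda: resp.read(1 << 20), b""):
                out.write(chunk)
        if not verify_sha256(tmp, expected_hex):
            raise RuntimeError(f"checksum mismatch for {url}; download discarded")
        os.replace(tmp, dest)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return dest


# A requirement counts as pinned only with an exact '==' version, optionally followed
# by --hash options for pip's --require-hashes mode.
PIN_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._\-]*(\[[^\]]*\])?\s*==\s*\S+")


def unpinned_requirements(text):
    """Return the requirement lines of a requirements.txt that are not '=='-pinned."""
    unpinned = []
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if not stripped or stripped.startswith("-"):  # blank line or pip option such as -r
            continue
        if not PIN_RE.match(stripped):
            unpinned.append(stripped)
    return unpinned


def demo_fetch_verified():
    """Offline demonstration with a constructed 'download' of b'hello\\n' (not a real
    model file) whose SHA-256 is known. Returns True if the matching digest is accepted
    and a wrong digest is rejected without leaving any file behind."""
    good = "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"
    bad = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
    opener = lambda url: io.BytesIO(b"hello\n")  # constructed stand-in for urlopen
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "buffalo_l.zip")
        fetch_verified("https://example.invalid/buffalo_l.zip", dest, good, opener)
        accepted = verify_sha256(dest, good)
        try:
            fetch_verified("https://example.invalid/buffalo_l.zip", dest + ".2", bad, opener)
            rejected = False
        except RuntimeError:
            rejected = not os.path.exists(dest + ".2") and not any(
                n.endswith(".part") for n in os.listdir(d))
    return accepted and rejected


if __name__ == "__main__":
    print("verified download demo:", demo_fetch_verified())
    print("unpinned:", unpinned_requirements("numpy\nopencv-python>=4.8\ninsightface==0.7.3\n"))
```

In the real setup script the same check is `pip install --require-hashes -r requirements.txt` for the Python side, which refuses any requirement that lacks both a pinned version and a hash, and a `fetch_verified`-style step for the model archive before it is unzipped.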
Registered users' biometric templates are stored on disk; if modified they change future recognition results, and if exposed they leak biometric data.
The face database builder stores named biometric embeddings in a persistent local pickle cache. Because the cache is a pickle, loading a tampered file can also execute arbitrary code in the monitoring process, not only change who is recognized.
records.append({"name": person_name, "embedding": emb}) ... pickle.dump(records, f)
Restrict access to the face_db directory, use only consented face images, delete stale embeddings, and rebuild the cache after authorized changes only.
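As an added example (not the skill's code), this is how the face_db cache can be kept as data-only JSON with an HMAC-SHA256 tag instead of a pickle, written with owner-only permissions, so that a modified, truncated or foreign file is rejected before any record is parsed. The key source (a FACE_DB_KEY environment variable) and the file layout are assumptions; the record shape {"name", "embedding"} mirrors the finding above.

```python
"""Added example, not the skill's code: authenticated, data-only storage for the
face database. The tag is checked in constant time before json.loads runs, and
the directory/file are created 0700/0600. FACE_DB_KEY and the on-disk format
(hex tag, newline, canonical JSON) are assumptions made for this example."""
import hashlib
import hmac
import json
import os


def encode_face_db(records, key):
    """Serialize records to canonical JSON and prepend a hex HMAC tag on its own line."""
    for r in records:
        if not isinstance(r.get("name"), str) or not r.get("embedding"):
            raise ValueError("record needs a string name and a non-empty embedding")
    payload = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return tag + b"\n" + payload


def decode_face_db(blob, key):
    """Verify the tag first, then parse and validate the shape so a valid tag never
    admits junk records into the recognizer."""
    tag, sep, payload = blob.partition(b"\n")
    if not sep:
        raise ValueError("face_db is truncated")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("face_db integrity check failed; refusing to load")
    records = json.loads(payload)
    if not isinstance(records, list):
        raise ValueError("face_db must be a list of records")
    for r in records:
        if (not isinstance(r, dict)
                or not isinstance(r.get("name"), str)
                or not isinstance(r.get("embedding"), list)
                or not all(isinstance(x, (int, float)) and not isinstance(x, bool)
                           for x in r["embedding"])):
            raise ValueError("malformed face_db record")
    return records


def face_db_key():
    """Operator-provisioned secret; assumption: FACE_DB_KEY env var of 32+ characters."""
    key = os.environ.get("FACE_DB_KEY", "")
    if len(key) < 32:
        raise RuntimeError("FACE_DB_KEY must be set to a secret of at least 32 characters")
    return key.encode()


def save_face_db(path, records, key):
    """Atomic write with 0700 directory / 0600 file so other local users can neither
    read the embeddings nor swap in their own."""
    d = os.path.dirname(path)
    if d:
        os.makedirs(d, mode=0o700, exist_ok=True)
        os.chmod(d, 0o700)
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(encode_face_db(records, key))
    os.replace(tmp, path)


def load_face_db(path, key):
    with open(path, "rb") as f:
        return decode_face_db(f.read(), key)


if __name__ == "__main__":
    # Constructed sample records; real embeddings are the detector's float vectors.
    demo_key = b"k" * 32
    sample = [{"name": "alice", "embedding": [0.1, -0.2, 0.3]}]
    blob = encode_face_db(sample, demo_key)
    print(decode_face_db(blob, demo_key))
```

Rebuilding the cache after an authorized change then means re-running the builder with the key present; an edit made without the key, or a file copied in from elsewhere, fails to load instead of silently altering who the recognizer accepts.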
Loitering alerts and snapshot paths may be shared with everyone who can access the configured Feishu chat or webhook.
The skill can transmit alert metadata to a Feishu webhook, which is an external chat/provider boundary.
When set, every alarm is POSTed to Feishu as an interactive card (title / stranger_id / duration / timestamp / snapshot path).
Use a trusted Feishu group, protect the webhook URL and signing secret, and do not enable webhook delivery unless external notification is intended.
If started with the default unlimited runtime, monitoring and alert generation may continue until the process is manually stopped.
The skill is intentionally long-running and can monitor indefinitely, although this behavior is disclosed and there is no evidence of hidden auto-start persistence.
The script runs continuously ... Set `run_time: 0` for unlimited operation.
Confirm the camera source and runtime before launching, set a finite run_time when appropriate, and stop the process when monitoring is no longer needed.
Camera connection details could be exposed in logs, terminal output, or agent-visible error messages if a sensitive URL is supplied.
The full camera URL can appear in error text; RTSP URLs may be sensitive and sometimes include camera credentials.
raise RuntimeError(f"Failed to open video stream: {rtsp_url}")
Avoid embedding passwords in RTSP URLs where possible, use restricted camera accounts, and redact URLs from shared logs or transcripts.
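As an added example (not the skill's code), the following masks the password and sensitive query values before a stream URL is put into an error message, raises the same failure with the redacted form, and builds the URL from environment variables at startup so the password does not sit in a config file. Function names and the CAMERA_USER / CAMERA_PASSWORD variable names are assumptions.

```python
"""Added example, not the skill's code: keep camera credentials out of the RTSP
URL that reaches logs, terminal output and agent-visible errors. Names of the
helpers and of the environment variables are assumptions for this example."""
import os
from urllib.parse import quote, urlsplit, urlunsplit

# Query parameters whose values are treated as secrets (some cameras pass tokens this way).
SENSITIVE_QUERY_KEYS = {"token", "password", "pass", "pwd", "key", "apikey", "auth"}


def _redact_query(query):
    """Replace values of sensitive keys with '***' without decoding the rest."""
    out = []
    for pair in query.split("&"):
        key = pair.split("=", 1)[0]
        if "=" in pair and key.lower() in SENSITIVE_QUERY_KEYS:
            out.append(key + "=***")
        else:
            out.append(pair)
    return "&".join(out)


def redact_url(url):
    """Return url with any password in the userinfo and any sensitive query value masked."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "<unparseable url>"
    userinfo, _, hostport = parts.netloc.rpartition("@")
    if userinfo:
        user, colon, _ = userinfo.partition(":")
        userinfo = user + (":***" if colon else "")
    netloc = f"{userinfo}@{hostport}" if userinfo else hostport
    query = _redact_query(parts.query)
    if netloc == parts.netloc and query == parts.query:
        return url  # nothing sensitive; keep the original bytes untouched
    return urlunsplit((parts.scheme, netloc, parts.path, query, parts.fragment))


def open_stream(rtsp_url, open_fn):
    """open_fn returns an opened capture handle or None (e.g. a wrapper around
    cv2.VideoCapture that checks isOpened()). On failure the error carries only
    the redacted URL, so transcripts and logs never contain the camera password."""
    cap = open_fn(rtsp_url)
    if not cap:
        raise RuntimeError(f"Failed to open video stream: {redact_url(rtsp_url)}")
    return cap


def rtsp_url_from_env(host, path, env=os.environ):
    """Assemble the stream URL from CAMERA_USER / CAMERA_PASSWORD at startup and
    percent-encode both, so characters like '@' or ':' cannot break the URL."""
    user, password = env.get("CAMERA_USER"), env.get("CAMERA_PASSWORD")
    if not user or password is None:
        raise RuntimeError("CAMERA_USER and CAMERA_PASSWORD must be set")
    return f"rtsp://{quote(user, safe='')}:{quote(password, safe='')}@{host}{path}"


if __name__ == "__main__":
    # Constructed address and credentials, not a real camera.
    url = rtsp_url_from_env("192.0.2.10:554", "/stream1",
                            {"CAMERA_USER": "viewer", "CAMERA_PASSWORD": "p@ss:w"})
    print(redact_url(url))
    try:
        open_stream(url, lambda u: None)
    except RuntimeError as e:
        print(e)
```

The account used here should be a view-only camera user created for the monitor, not the camera's administrator login, so that a leaked URL gives at most read access to the stream.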
