Back to skill

Security audit

Kami Video Search

Security checks across malware telemetry and agentic risk

Overview

This camera-recording skill appears purpose-aligned, but it needs Review because it handles surveillance footage and credentials while using remote AI uploads, background recording, automatic deletion, broad triggers, and a risky setup path.

Review before installing. Use this only if you are comfortable sending sampled frames or full video clips, search queries, and an API key to Kamivision for AI processing. Check the config carefully, use dedicated camera and API credentials, avoid sensitive camera locations unless all affected people consent, and consider installing Python manually instead of running the bundled setup script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README makes strong privacy claims such as local-only storage and that data does not leave the device, while elsewhere it explicitly states that frames or video may be uploaded to a remote AI API for analysis. This is a security-relevant documentation integrity issue because users may deploy the skill under false assumptions about surveillance data handling and expose sensitive footage to third parties without informed consent.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The README says API keys are encrypted locally and not transmitted elsewhere, but a remote API cannot be used without sending credentials in requests or an equivalent authentication artifact. This misleading claim can cause operators to misunderstand how secrets are used and trust the system more than warranted, especially in a surveillance product handling sensitive video.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The setup script goes beyond creating an isolated project environment and attempts to modify the host by installing Python through Homebrew, conda, or pyenv. In particular, the pyenv path includes fetching and executing a remote bootstrap script, which creates a software supply-chain risk and expands the blast radius from the skill environment to the user's system.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The documented trigger style is broad conversational language such as common phrases for starting, stopping, searching, or viewing logs. In an agent environment, ambiguous or overly generic invocation phrasing can cause accidental activation during ordinary conversation, potentially starting recording, exposing logs, or querying surveillance data without clear user intent.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README suggests users can issue plain natural-language commands directly, but it does not clearly define when the skill activates versus when the assistant should treat the text as normal conversation. In a surveillance/recording context, this ambiguity increases the risk of unintended recording actions, searches over sensitive footage, or disclosure of operational logs.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Routing unmatched requests to the 'closest intent' makes high-impact actions like starting/stopping recording or searching footage trigger from ambiguous user input. In a surveillance skill, mistaken intent resolution can cause unauthorized recording changes, disclosure of logs or footage, or other privacy-sensitive actions without clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Several trigger phrases such as 'what happened', 'show recent', 'check status', or 'show logs' are broad enough to match normal conversation. Because this skill controls surveillance and exposes potentially sensitive footage and logs, overly generic triggers increase the chance of accidental activation or unintended disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill presents 24/7 recording and natural-language search as convenience features without an upfront warning that it may continuously capture sensitive video and send data to an external API for analysis. In the context of home or office camera feeds, incomplete disclosure undermines informed consent and increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The retention cleanup automatically deletes recorded video files and database records with no explicit user confirmation or prominent disclosure in the interface. In a surveillance/forensics context, silent deletion can destroy evidence, undermine auditability, and create unexpected data loss that materially affects security operations.

Missing User Warnings

High
Confidence
98% confidence
Finding
The code base64-encodes video or extracted frames and sends them to an external Kamivision API for summarization and embeddings. Because this handles surveillance footage, undisclosed third-party transmission can expose highly sensitive visual data, credentials-adjacent metadata, and regulated personal information beyond the local recording boundary.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
User search text is transmitted to an external embedding service without clear disclosure. Even though queries are smaller than video, they can contain sensitive investigative intent, names, locations, or incident details, leaking operational context to a third party.

External Script Fetching

High
Category
Supply Chain
Content
echo "   Installing via pyenv (user-level, no sudo required)..."
        if ! command -v pyenv &>/dev/null; then
            echo "   Installing pyenv first..."
            curl -fsSL https://pyenv.run | bash
            export PYENV_ROOT="$HOME/.pyenv"
            export PATH="$PYENV_ROOT/bin:$PATH"
            eval "$(pyenv init -)"
Confidence
100% confidence
Finding
curl -fsSL https://pyenv.run | bash

Chaining Abuse

High
Category
Tool Misuse
Content
echo "   Installing via pyenv (user-level, no sudo required)..."
        if ! command -v pyenv &>/dev/null; then
            echo "   Installing pyenv first..."
            curl -fsSL https://pyenv.run | bash
            export PYENV_ROOT="$HOME/.pyenv"
            export PATH="$PYENV_ROOT/bin:$PATH"
            eval "$(pyenv init -)"
Confidence
99% confidence
Finding
| bash

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.