Frameo Photo Frame Control
v1.0.0Control Frameo digital photo frames via cloud API for frame info or ADB for full control including photo upload, brightness, screen, and navigation.
⭐ 0· 226·0 current·0 all-time
byMichael@850media
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the included code and docs: the Python client targets Frameo's cloud API (read-only) and the ADB commands provide full local control (photo upload, brightness, navigation). Functionality requested (account token or ADB access) is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs sensitive operations: capturing bearer tokens from mobile app traffic with a proxy (Proxyman/Charles), saving tokens to ~/.frameo_token, enabling wireless ADB (adb tcpip 5555) and using SSH relays to push files remotely. While these actions enable the described features, they broaden scope to network interception and exposing devices to remote connections — both have meaningful security implications and should be explicit and justified.
Install Mechanism
No install spec (instruction-only) and included code requires only standard Python libraries (requests). Quick-start suggests pip installing requests and pillow; pillow is not used by the provided script. Lack of an install spec reduces disk-write risk, but the skill will write ~/.frameo_token when logging in.
Credentials
Registry metadata lists no required env vars, but the script reads several environment variables (FRAMEO_EMAIL, FRAMEO_PASSWORD, FRAMEO_DEVICE_ID, FRAMEO_PEER_ID, CLIENT_USER_ID, FCM_TOKEN). The skill can store credentials to ~/.frameo_token. The undeclared but used credentials (especially FRAMEO_PASSWORD and FCM token) are sensitive; the metadata should declare them and justify each.
Persistence & Privilege
always:false and no system-wide configuration changes. The script writes its own token cache (~/.frameo_token) which is normal for a client. It does not request elevated system privileges or modify other skills' configs.
What to consider before installing
This skill mostly does what it says (cloud listing via Frameo API and local control via ADB), but treat it cautiously because: (1) the package metadata doesn't declare the environment variables the included script expects — you will need to provide credentials (FRAMEO_EMAIL / FRAMEO_PASSWORD or a token) which are sensitive; (2) the instructions ask you to capture bearer tokens from app traffic (man-in-the-middle proxy) and to enable wireless ADB (adb tcpip 5555), both of which carry security risks — wireless ADB can expose the frame to your LAN or the internet if misconfigured; (3) the skill will store tokens in ~/.frameo_token. Before installing: verify the skill's source/maintainer, prefer using USB ADB only (avoid enabling wireless ADB unless you understand the network exposure), avoid pasting secrets into third-party code, consider running the tool on an isolated machine, and review/modify the script so it only uses explicit, declared environment variables and handles credentials securely. If you need to proceed, request the author to update registry metadata to list required env vars and to document security implications explicitly.Like a lobster shell, security has layers — review code before you run it.
adbvk97f3vsgzj226gbfxg0rjafa8x82b42diotvk97f3vsgzj226gbfxg0rjafa8x82b42dlatestvk97f3vsgzj226gbfxg0rjafa8x82b42dphoto-framevk97f3vsgzj226gbfxg0rjafa8x82b42d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.