vispatrol-picture
Pass
Audited by VirusTotal on May 6, 2026.
Findings (1)
The skill is designed to interface with a local VisPatrol surveillance installation on Windows or WSL. It retrieves a session token from a local configuration file (%TEMP%/vpup.json) and decrypts it using a key derived from the local MAC address (retrieved via uuid.getnode or getmac). While the script uses subprocess.run to resolve environment variables and hardware IDs, the commands are hardcoded and do not process user-controlled input, mitigating RCE risks. The SKILL.md and SECURITY.md files provide explicit defensive instructions to the AI agent, requiring it to obtain user consent before accessing local files or performing broad device queries, which aligns with the stated purpose and security best practices.
