Window Truth

Security checks across malware telemetry and agentic risk

Overview

This weather-camera skill appears purpose-aligned, but it deserves review because it uses IP camera video and audio, sends location to a weather API, and stores local observation logs with limited controls.

Install only if you are comfortable giving the skill access to an IP camera stream that may include audio, and configure your own RTSP URL and coordinates deliberately. Rotate or avoid embedded camera credentials, review the local data/twilight_predictions.jsonl log, and run it in a constrained environment if the camera or location is sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Tainted flow: 'cmd' from os.getenv (line 32, credential/environment) → subprocess.run (code execution)

Severity: Medium
Category: Data Flow
Confidence: 88%
Content:
        "-i", RTSP_URL,
        "-frames:v", "1", "-f", "image2", "-"
    ]
    result = subprocess.run(cmd, capture_output=True)
    return result.stdout

def capture_audio(duration=3):
Finding: result = subprocess.run(cmd, capture_output=True)

Tainted flow: 'cmd' from os.getenv (line 32, credential/environment) → subprocess.run (code execution)

Severity: Medium
Category: Data Flow
Confidence: 88%
Content:
        "-t", str(duration), "-f", "wav", "-acodec", "pcm_s16le",
        "-ar", "8000", "-ac", "1", "-"
    ]
    result = subprocess.run(cmd, capture_output=True)
    return result.stdout

def calculate_brightness(jpeg_bytes):
Finding: result = subprocess.run(cmd, capture_output=True)

MCP Least Privilege

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill advertises operational capabilities that imply environment access, file writing, networking, and shell execution, but it declares no permissions. That creates a trust and review gap: a host may invoke the skill without understanding it can reach RTSP streams, call external APIs, invoke ffmpeg, and persist local data. In an agent ecosystem, undeclared capabilities are dangerous because they bypass least-privilege review and can enable unexpected data access or command execution.

MCP Tool Poisoning

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The documented purpose is narrowly framed as local camera-based rain truthing, but the behavior also includes RTSP audio capture, broader conflict detection, and local observation logging. This mismatch is security-relevant because users may consent to a simple weather-check skill without realizing it can record ambient sound and store detailed local telemetry. Audio capture from an IP camera especially increases privacy risk beyond the stated use case.

Description-Behavior Mismatch

Severity: Medium
Confidence: 84%
Finding: The script persistently logs timestamps, inferred local conditions, and app-comparison results to disk without any retention, access-control, or disclosure safeguards. In context, this creates a behavioral and location-linked dataset that may expose occupancy patterns or surveillance-derived observations if the host is shared or compromised.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding: The skill is framed as camera/window weather observation, but it also captures and analyzes audio from the RTSP stream. That materially changes the privacy profile by enabling microphone-based environmental monitoring or incidental eavesdropping, especially because users may not expect audio collection from a 'window truth' weather tool.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding: The default RTSP URL embeds static camera credentials directly in configuration, which encourages insecure secret handling and raises the chance of credential leakage via source control, process environment dumps, logs, or screenshots. Because these are surveillance-device credentials, compromise can expose live camera and audio access.

Missing User Warnings

Severity: Low
Confidence: 72%
Finding: This is primarily a privacy issue rather than a technical exploit: the script transmits precise location coordinates to a third-party weather service without user-facing notice. In a home-observation skill, location can be sensitive because it ties collected camera/audio-derived observations to a specific place.

VirusTotal

65/65 vendors flagged this skill as clean.