raspberry-pi-camera-service
WarnAudited by ClawScan on May 18, 2026.
Overview
This is a plausible Raspberry Pi camera service, but its default deployment can create a persistent, high-privilege, network-accessible camera and media-file API.
Install only on a trusted Raspberry Pi and trusted network. Before deployment, change the service to bind to localhost unless remote access is required, add authentication/firewall controls, run it as a dedicated non-root user, and review the dependency/systemd changes carefully.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the Pi is reachable on the network, other devices or processes may be able to trigger camera recording/capture or media-file operations unless the user adds firewalling or authentication.
The deployment guide documents an all-interface listener for the camera service. Because the skill describes HTTP camera control and media list/download/delete, and the metadata declares no primary credential, the artifacts do not show a clear access-control boundary for high-impact actions.
HOST=0.0.0.0 # 服务监听地址 PORT=27793
Default to 127.0.0.1 unless remote access is intentionally needed, add authentication or a protected reverse proxy, firewall port 27793, and require explicit user confirmation for recording and deletion.
A network-exposed camera service running as root increases the impact of bugs or unauthorized access.
The script requires sudo, then derives SERVICE_USER from the current effective user. When run as documented with sudo, this likely sets SERVICE_USER to root for the generated systemd service.
SERVICE_USER=$(id -un)
...
if [ "$EUID" -ne 0 ]; then
log_error "请使用 sudo 运行此脚本"Run the service under a dedicated non-root user in the appropriate video/camera group, and avoid deriving the service user from root during sudo installation.
Private camera footage could be exposed or removed by parties that can reach the service endpoint if no external protections are in place.
Captured images and videos can be enumerated, downloaded, and deleted through the service API. Combined with the documented 0.0.0.0 listener and no declared credential requirement, the media data boundary is unclear.
download() - 下载文件(视频或图片) ... list_outputs() - 列出所有输出文件(视频和图片) ... delete_remote() - 删除远程文件(视频或图片)
Protect the media API with authentication, limit network exposure, use TLS or a trusted local tunnel for remote access, and define retention/deletion rules.
Dependency versions may change over time, and the system Python environment can be modified outside normal package-management protections.
The installer resolves packages at install time and installs the client SDK into system Python with --break-system-packages. This is purpose-aligned setup behavior, but it is invasive and less reproducible.
pip install --upgrade pip
pip install -r requirements.txt
...
pip install "$pkg_dir" --quiet --break-system-packagesUse pinned dependency versions or a lockfile, keep the client SDK in a virtual environment where possible, and avoid --break-system-packages unless the user explicitly accepts it.
The service can keep running after the immediate camera task is finished, leaving the API available until stopped, disabled, or uninstalled.
The generated unit is designed to restart and run at boot. This is expected for a camera service, but it means the camera API remains active beyond a single user request.
Restart=always RestartSec=5 ... [Install] WantedBy=multi-user.target
Confirm that a persistent service is desired, disable it when not needed, and document how to stop or uninstall it safely.