Dahua Cloud Open Device Image Analysis

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill’s behavior matches its stated purpose—capturing authorized Dahua camera snapshots and analyzing them in Dahua Cloud—but it handles sensitive cloud credentials and camera images.

Install this only if you are comfortable giving the skill Dahua Cloud credentials and allowing it to capture, locally store, and send camera images to Dahua Cloud for AI analysis. Use scoped credentials, confirm device IDs before capture, and delete saved images when no longer needed.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse (Medium)
What this means

Anyone or any agent process with access to these environment variables may be able to call the Dahua APIs permitted by the credentials.

Why it was flagged

The skill requires Dahua Cloud credentials, including a Secret Key, to authenticate and operate against the user's Dahua Cloud account.

Skill content
Cloud credentials (ProductId, AK, SK) must be configured
Recommendation

Use least-privilege Dahua credentials where possible, avoid sharing them, rotate them periodically, and remove them when no longer needed.

ASI02: Tool Misuse and Exploitation (Medium)
What this means

A request using the skill can capture live camera imagery from the specified device and channel.

Why it was flagged

The code calls a Dahua device snapshot API, which is central to the skill but gives the agent the ability to capture images from configured IoT cameras.

Skill content
API_DEVICE_SNAPSHOT = '/open-api/api-iot/device/setDeviceSnapEnhanced'
Recommendation

Invoke it only for devices you own or are authorized to monitor, and verify the device serial number/channel before use.

ASI07: Insecure Inter-Agent Communication (Medium)
What this means

Camera images may leave the local environment and be processed by the Dahua Cloud AI service.

Why it was flagged

The skill sends captured camera imagery and the analysis prompt to Dahua Cloud's AI service, which is disclosed and purpose-aligned but still a sensitive external data flow.

Skill content
Calls the Dahua Cloud platform's large model to perform image analysis
Recommendation

Avoid using the skill on highly sensitive scenes unless Dahua Cloud processing is acceptable under your privacy, compliance, and retention requirements.

ASI06: Memory and Context Poisoning (Low)
What this means

Surveillance images can remain on the machine after the analysis is complete.

Why it was flagged

The skill persistently stores captured camera images on local disk, creating retained sensitive artifacts that may be accessed later.

Skill content
Images are automatically saved to the `captured_images/<device SN>/` directory
Recommendation

Periodically delete unneeded captured_images files and restrict local filesystem access if the images may contain sensitive content.

ASI04: Agentic Supply Chain Vulnerabilities (Low)
What this means

Future installs may resolve to a newer requests version than the one originally tested.

Why it was flagged

The dependency is version-ranged rather than pinned. This is common and purpose-aligned, but less reproducible than an exact pinned dependency.

Skill content
requests>=2.31.0
Recommendation

Install from trusted package indexes and consider pinning dependencies in controlled environments.