Trio Stream Vision

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it can send sensitive live camera footage to an external service and promote continuous monitoring without adequate privacy and consent guardrails.

Install only if you are comfortable sending selected livestream or camera content to Trio for analysis. Use it only on streams you own or are authorized to monitor, avoid private spaces or bystanders without consent, protect TRIO_API_KEY, set finite monitoring durations and max trigger limits, and treat the security-guard and social-posting ideas as risky marketing notes rather than safe defaults.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Intent-Code Divergence

Medium, 89% confidence
The document shifts from general stream description to explicitly positioning the capability as an "AI security guard," which broadens the intended use into surveillance and security monitoring without corresponding safeguards or usage boundaries. That framing can encourage deployment for automated monitoring decisions in contexts with privacy, false-positive, and misuse risks beyond the original benign demo scope.

Missing User Warnings

High, 94% confidence
The material encourages users to submit live camera and stream URLs to an external vision service without any privacy warning or consent guidance. This is dangerous because users may unknowingly send sensitive surveillance footage, bystander images, or private RTSP feeds to a third party, creating privacy, compliance, and data exposure risks.

Missing User Warnings

Medium, 88% confidence
The setup instructions tell users to export an API key directly in the shell without warning about shell history, shared terminals, or multi-user environments. This can lead to credential leakage through history files, process inspection, screenshots, terminal logging, or reused session environments, enabling unauthorized use of the external service.

Missing User Warnings

Medium, 84% confidence
The file describes repeated monitoring of public livestreams, including pedestrian and traffic behavior analysis, but provides no notice about privacy, surveillance ethics, retention, or appropriate use constraints. Even when streams are public, normalizing continuous analysis of people can facilitate mass observation, profiling, or deployment in contexts where users may overestimate legality or appropriateness.

Missing User Warnings

High, 95% confidence
Promoting 24-hour camera analysis as an inexpensive "AI security guard" materially increases the risk of the tool being used for persistent surveillance or quasi-security automation without safeguards. This is more dangerous in context because the skill is specifically built to analyze live video feeds, making the leap from demo content to real-world monitoring straightforward and scalable.

Missing User Warnings

Medium, 94% confidence
The recommended public-facing description emphasizes convenience and broad camera support but omits a clear warning that live camera frames are sent to Trio's cloud services for processing. For a skill centered on home/security/indoor cameras, this can mislead users about data handling and cause them to expose sensitive video feeds without informed consent.

Missing User Warnings

Medium, 92% confidence
The plan explicitly encourages deploying a public demo over live streams and reposting observations across social channels, but it includes no guardrails around consent, lawful monitoring, or privacy-sensitive content. In the context of a vision skill that can analyze RTSP cameras and livestreams, this materially increases the risk of surveillance misuse, exposure of bystanders, and public dissemination of sensitive visual data.

Missing User Warnings

High, 96% confidence
The document proposes a 24/7 'AI security guard' service monitoring a user's camera continuously, yet provides no discussion of consent, notice, storage limits, access control, or abuse prevention. Continuous monitoring of camera feeds is especially sensitive because it can capture homes, visitors, workers, and routines, creating significant privacy, legal, and safety risks if misused or breached.

Missing User Warnings

Medium, 87% confidence
The guide instructs users to submit live stream URLs and free-form analysis conditions to a third-party API, but it does not place a clear privacy or data-sharing warning adjacent to those usage steps. Users may unknowingly send sensitive camera endpoints, internal RTSP URLs, or surveillance-related prompts to an external service, creating confidentiality and compliance risk.

Missing User Warnings

Medium, 90% confidence
The README explicitly markets analysis of YouTube livestreams, RTSP cameras, HLS streams, and home/security camera use cases, but it does not clearly warn users that video data or extracted frames/clips are sent to Trio's external API for processing. This omission can cause users to unknowingly transmit sensitive surveillance, household, or personal data to a third party, creating privacy, consent, and compliance risk.

Vague Triggers

Medium, 90% confidence
The rule to auto-detect intent from any provided stream URL is overly broad and can cause the skill to initiate external monitoring or summarization actions without an explicit, action-specific user confirmation. In a surveillance-oriented skill that processes live camera feeds and may incur ongoing charges, ambiguous auto-invocation materially increases privacy and billing risk.

Missing User Warnings

Medium, 95% confidence
The skill sends user-supplied live stream URLs and potentially analyzed content to a third-party API and can forward events or summaries to arbitrary webhook endpoints, but it does not prominently warn users about this data sharing. Because the inputs may be private camera feeds or sensitive monitoring targets, the absence of explicit privacy notice and consent makes misuse more dangerous.

VirusTotal

64/64 vendors flagged this skill as clean.
