Skill v1.0.3

ClawScan security

Ezviz Open Camera Broadcast · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 18, 2026, 12:06 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and required environment variables are consistent with an Ezviz audio-broadcast tool; no unrelated credentials or unexpected install steps are present, though there are reasonable operational risks (shared token cache, config-file fallback, system TTS subprocesses) you should review before use.
Guidance
What to consider before installing:
1) Use dedicated Ezviz AppKey/AppSecret with minimal permissions (do not reuse main account credentials).
2) If you don't want any local config fallback, set the env vars (EZVIZ_APP_KEY, EZVIZ_APP_SECRET, EZVIZ_DEVICE_SERIAL) so the skill skips ~/.openclaw/* files; inspect those files first to ensure they don't contain unrelated secrets.
3) The skill caches tokens under the system temp dir (/tmp/ezviz_global_token_cache/global_token_cache.json) with 0600 permissions; set EZVIZ_TOKEN_CACHE=0 to disable caching if you prefer no on-disk tokens.
4) The skill invokes system TTS binaries (say/espeak/ffmpeg) via subprocess; ensure those binaries are trusted and available, or provide a pre-generated audio file instead.
5) Review the included scripts (scripts/audio_broadcast.py and lib/token_manager.py) yourself if possible—functionality is straightforward and matches the documentation.
6) If you are concerned about autonomous invocation, control when the skill runs (it is user-invocable and not forced-always), and consider limiting agent permissions or monitoring broadcast actions.

Review Dimensions

Purpose & Capability
ok
Name/description, required env vars (EZVIZ_APP_KEY, EZVIZ_APP_SECRET, EZVIZ_DEVICE_SERIAL), and the code all match an Ezviz audio upload + broadcast capability. No unrelated cloud keys or unrelated binaries are requested.
Instruction Scope
note
SKILL.md and the scripts instruct the agent to use environment vars or fall back to reading ~/.openclaw/*.json for channels.ezviz, obtain tokens, run TTS via system commands (say/espeak/ffmpeg), and upload audio to openai.ys7.com endpoints. This is within the stated scope, but the fallback config-file reading and use of system subprocesses are scope-expanding behaviors the user should accept explicitly.
Install Mechanism
ok
No remote download/install spec; only a simple Python dependency (requests) is required and the shipped Python scripts implement the functionality. No risky external installers or short/obfuscated URLs are used.
Credentials
note
Requested environment variables are proportional to the task. Caveats: the skill reads OpenClaw config files as a fallback (may expose other local config if mispopulated) and uses a global token cache in the system temp dir shared by other skills—though cache file permissions are set to 0600. The SKILL.md explicitly recommends using dedicated, least-privilege AppKey/AppSecret.
Persistence & Privilege
ok
always:false and no modifications to other skills or system-wide settings. The only persistent artifact is an optional shared token cache in /tmp; this is normal for token reuse but is a shared resource to be aware of.