Ezviz Open Capture Phone Detect

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated camera-monitoring purpose, but it needs review because it handles surveillance images and device audio alerts with some unsafe edges.

Review before installing. Use only with cameras and spaces you are authorized to monitor, prefer environment variables or a secret manager over command-line credentials, rotate any real-looking example secrets, remove the remote sound fallback, and fix the duplicate alert path before relying on automated alerts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
When no TTS library is installed, the script silently downloads an audio file from an unrelated third-party website and uses it as a fallback artifact. That creates an undocumented external dependency and introduces supply-chain and privacy risk, since execution now depends on remote content outside the primary vendor APIs.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
Test mode can generate, upload, and broadcast voice alerts to devices without any detection gate or secondary confirmation. In an agent skill context, that means anyone invoking the script with `--test` and valid credentials can trigger actions on physical devices, increasing the risk of misuse, nuisance alerts, or unauthorized signaling.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description uses broad 'Use when' language for surveillance and automated alerting without clear trigger boundaries, exclusions, or operator confirmation requirements. In an agent ecosystem, this can cause the skill to be invoked in overly broad monitoring scenarios, increasing the risk of inappropriate surveillance actions, privacy violations, and unintended device control.

Missing User Warnings

Medium
Confidence: 98%
Finding
The document includes plaintext example secrets and bearer tokens, plus signed resource URLs, without warning that these values are sensitive. Even if intended as samples, realistic-looking credentials can be copied, reused, or accidentally left valid, leading to unauthorized API access, resource consumption, and exposure of captured media or device actions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script captures surveillance images from a camera and transmits image URLs to external cloud analysis APIs without an explicit consent notice, retention statement, or privacy guardrail. In a monitoring skill, this materially increases privacy and compliance risk because users may not realize camera data is being sent off-device for behavioral analysis.

VirusTotal

64/64 vendors flagged this skill as clean.
