ClawHub

Ezviz Open Picture

Security checks across malware telemetry and agentic risk

Overview

This camera-capture skill is mostly coherent, but its documentation includes realistic-looking EZVIZ credentials and unsafe token/secret examples that users should review before installing.

Review or replace the realistic credentials in the README before use, and rotate them if they were ever real. Use dedicated minimal-permission EZVIZ credentials, prefer environment variables over command-line secrets, disable token caching on shared machines with EZVIZ_TOKEN_CACHE=0, and only run the skill for cameras you are authorized to access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The README contains plaintext, real-looking EZVIZ app credentials and token values in command examples and sample output. Even in documentation, publishing reusable secrets or secret-like values can lead to unauthorized API access, token reuse, accidental propagation into shell history or logs, and normalizes unsafe credential handling despite the stated security requirements.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill metadata says credentials must be supplied via environment variables, but the code also accepts command-line arguments and silently falls back to local OpenClaw config files. This discrepancy weakens operator expectations and can cause unintended credential use from broader local configuration stores, increasing the chance of secret exposure or privilege misuse.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script searches unrelated local OpenClaw configuration files for credentials, which expands its access beyond the stated device-capture purpose. This creates a credential discovery behavior that can pull in higher-privilege or unintended secrets from a user's environment, making the skill materially more dangerous in an agent context.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The example commands and output expose real-looking app credentials and access tokens without any cautionary note, which is a direct secret-handling weakness in the documentation. This is especially risky because command-line arguments are often recorded in shell history, process listings, CI logs, and screenshots, making credential leakage likely beyond the README itself.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal