ClawHub

Ezviz Open PTZ Control

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for Ezviz camera control, but it handles sensitive camera credentials less safely than its environment-variable documentation suggests.

Review before installing. Use only a dedicated minimal-permission Ezviz app key, avoid passing secrets as command-line arguments, do not print or log tokens, and disable or clear the token cache on shared or high-security machines. Confirm target device serials and preset actions before running mutating camera-control commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented purpose and security model do not fully match the described behavior: the skill supports additional device operations, token-cache management, and accepts credentials via command-line arguments despite emphasizing environment variables. This mismatch can mislead reviewers and users about what actions the skill can perform and expose secrets through shell history or process listings when CLI credentials are used.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The module docstring states that authentication uses environment variables, but the actual CLI requires appKey and appSecret as positional command-line arguments. Passing secrets on the command line is risky because they are commonly exposed through shell history, process listings, job logs, and audit tooling, which can leak long-lived credentials to other local users or operators.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly demonstrates printing the access token to stdout, which can cause credential exposure through shell history, terminal scrollback, CI logs, screenshots, or shared session transcripts. Because this token is used to control EZVIZ devices, leaking it could enable unauthorized API access until expiry.

Credential Access

High
Category
Privilege Escalation
Content
# 推荐:使用 .env 文件(不要提交到版本控制)
echo "EZVIZ_APP_KEY=your_key" >> .env
echo "EZVIZ_APP_SECRET=your_secret" >> .env
chmod 600 .env

# 加载环境变量
source .env
Confidence
87% confidence
Finding
.env

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal