Skill v1.0.3
ClawScan security
Ezviz Open Restaurant Inspection · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 19, 2026, 6:23 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, required environment variables, and runtime instructions are consistent with its stated purpose (capture Ezviz device images, manage an Ezviz agent, and send images to Ezviz's AI analysis service).
- Guidance: This skill appears to do what it says, but review and accept the side effects before running: it will capture camera images, create/manage Ezviz intelligent agents in your Ezviz account, and upload images to Ezviz's analysis service (aidialoggw.ys7.com). Use a dedicated Ezviz app (not your main account) with minimal permissions. If you don't want automatic credential discovery, remove Ezviz credentials from ~/.openclaw/* or run with explicit environment variables. Consider disabling the global token cache (export EZVIZ_TOKEN_CACHE=0) if you don't want tokens stored under /tmp, and inspect scripts/restaurant_inspection.py and lib/token_manager.py before first run. Test on non-production devices first.
Review Dimensions
- Purpose & Capability (ok): Name/description ask for Ezviz app credentials and device serial; the code uses those credentials to obtain a token, list/copy intelligent agents, capture images, and call the analysis endpoint (open.ys7.com and aidialoggw.ys7.com). The requested env vars (EZVIZ_APP_KEY, EZVIZ_APP_SECRET, EZVIZ_DEVICE_SERIAL) are appropriate for the declared functionality.
- Instruction Scope (note): SKILL.md and scripts instruct the agent to read credentials from environment or ~/.openclaw config files, manage agents (list/copy), capture device images, and send them to aidialoggw.ys7.com. These actions match the declared side effects and are explicit. Note: reading OpenClaw config files is a legitimate credential fallback but means the skill may pull Ezviz credentials stored in a user's home config if present — review those files if you don't want automatic credential discovery.
- Install Mechanism (ok): No install spec or remote downloads are present; this is a Python script bundle that depends on the requests library (declared in SKILL.md). Nothing is fetched from arbitrary URLs or installed system-wide by the skill.
- Credentials (note): Requested env vars (app key/secret/device serial) are proportional to the task. Two points to consider: (1) the token manager writes a global cache in /tmp/ezviz_global_token_cache/global_token_cache.json (intended behavior) which may be shared across Ezviz skills — ensure you trust other installed skills, and (2) the script will read ~/.openclaw/* config files as a fallback, which could reveal stored credentials if present. The SKILL.md recommends dedicated Ezviz credentials and offers a way to disable caching (EZVIZ_TOKEN_CACHE=0).
- Persistence & Privilege (ok): The skill does not request permanent platform presence (always:false). It uses an ephemeral-global token cache under /tmp (with code setting file mode 0600). It does create resources on the Ezviz service (agents) and captures images — these are expected side effects and are documented.
