Ezviz Open Safety Production Inspection

Security checks across malware telemetry and agentic risk

Overview

The skill performs the disclosed Ezviz safety-inspection workflow, but users should understand it handles camera images, Ezviz credentials, remote agent changes, and local token caching.

Install only if you are comfortable giving this skill Ezviz API credentials and allowing it to capture images from the configured cameras for remote Ezviz AI analysis. Use a dedicated minimal-permission Ezviz app, test on non-production devices first, and set EZVIZ_TOKEN_CACHE=0 if you do not want access tokens persisted locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises significant capabilities including environment access, local file reads/writes, network calls, and shell execution, but does not declare explicit permissions in a machine-enforceable way. This creates a transparency and consent problem: a user or platform may underestimate the skill's effective privileges, increasing the chance of unintended credential exposure, filesystem access, or remote side effects.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose says the skill captures images and sends them for safety analysis, but the behavior also includes querying agent lists, creating or renaming agents, reading local config-based credentials, and globally caching tokens on disk. Those extra actions materially expand the trust boundary and side effects, so users may approve the skill without understanding that it can modify remote account state and persist reusable authentication material locally.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
The module supports listing and clearing globally cached tokens across accounts from a shared system temp location. In multi-user or multi-skill environments, this broad token management surface can enable cross-tenant discovery, disruption, or misuse of cached authentication state beyond the intended safety-inspection workflow.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill does more than passive safety inspection: it enumerates existing remote agents, creates new ones from templates, and may rename them automatically. These are persistent remote side effects that alter the user's Ezviz account state and go beyond the minimum required to capture and analyze images, increasing risk if run with broad credentials or in the wrong account.

Context-Inappropriate Capability

Low
Confidence
79% confidence
Finding
The code reads credentials and device identifiers from local OpenClaw config files even though the advertised function is safety inspection of specified devices. This expands the skill's access surface to unrelated local secrets and devices, making accidental overreach more likely if the skill is invoked without explicit parameters.

Session Persistence

Medium
Category
Rogue Agent
Content
warnings:
      - "Use dedicated Ezviz credentials (not main account)"
      - "Queries intelligent agent list"
      - "May create agent from template"
      - "Captures device images"
      - "Sends images to aidialoggw.ys7.com"
      - "Token cached in /tmp/ezviz_global_token_cache/ (600)"
Confidence
90% confidence
Finding
create agent from template" - "Captures device images" - "Sends images to aidialoggw.ys7.com" - "Token cached in /tmp/ezviz_global_token_cache/ (600)" sideEffects: - "Query

VirusTotal

66/66 vendors flagged this skill as clean.
