Back to skill

Security audit

Ezviz Open Camera Video

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do camera-link generation as advertised, but it handles private camera credentials in ways that can expose access tokens or secrets in logs, command history, and documentation examples.

Use this only if you are comfortable granting access to Ezviz camera streams. Prefer dedicated minimal-permission Ezviz credentials, use environment variables rather than command-line arguments, avoid logging or sharing terminal output from runs, disable caching with `EZVIZ_TOKEN_CACHE=0` for sensitive cameras, and rotate any credentials copied from the documentation examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence
98% confidence
Finding
The README includes real-looking app credentials and explicitly demonstrates printing access tokens, which creates a strong risk of credential and bearer-token disclosure through source control, logs, terminals, screenshots, or copied command history. In a camera streaming skill, exposed tokens or app secrets could enable unauthorized access to live feeds, playback, or related device APIs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Accepting appKey and appSecret via command-line arguments can expose secrets through shell history, process listings, job control tools, and audit logs on multi-user systems. In this skill context, those credentials can be used to obtain EZVIZ access tokens and generate camera stream links, making the exposure materially sensitive.

Missing User Warnings

High
Confidence
99% confidence
Finding
The debug statements print the full token response object, which likely includes the live access token. Anyone with access to stdout, logs, CI traces, terminal recordings, or chat transcripts could reuse that token to access camera streams or related API operations until expiration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.