Security audit

reCamera Intellisense

Security checks across malware telemetry and agentic risk

Overview

This is a coherent reCamera control skill, but it belongs in Review because it gives agents broad camera, storage, credential, media, and GPIO control with unsafe transport defaults and overly broad activation guidance.

Install only if you intentionally want an agent to control your reCamera devices. Use HTTPS with certificate validation when possible, avoid allow_unsecured except on a trusted LAN, treat returned images/videos and relay URLs as sensitive, and require explicit user confirmation before formatting storage, deleting files, clearing events, changing GPIO, or modifying recording rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger guidance is unusually broad: it instructs invocation for generic camera, detection, snapshot, GPIO, and workflow requests even when the product is not named. In an agent ecosystem, this can cause the skill to activate in contexts the user did not intend, exposing powerful operations such as device registration, file retrieval, storage formatting, and GPIO control to unrelated requests.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: This client explicitly supports insecure transport: it allows plain HTTP by default and, for HTTPS, disables certificate and hostname verification when `allow_unsecured` is set. Because it always sends the device token in the `Authorization` header, a network attacker on the same path can intercept credentials or tamper with camera-control traffic, which is especially sensitive in a skill that manages cameras, snapshots, recordings, and GPIO actions.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The code explicitly returns a direct relay URL for recorded files and even notes that the relay token is 'bearer-free', meaning possession of the URL alone may grant access to recordings. In a camera-management skill, these URLs can expose sensitive snapshots or videos to logs, downstream tools, or users without any additional authentication boundary, increasing the risk of unintended disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal