Tapo Camera

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local Tapo camera helper that handles sensitive camera access but keeps it scoped to user-owned LAN devices and user-approved still captures.

Install only if you want an agent to work with your own Tapo cameras on your local network. Keep credentials in a secret manager or temporary environment variables, choose strict explicit activation, avoid --show-rtsp unless necessary, and keep ~/tapo-camera/ private because it may contain camera hosts, notes, and saved still images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill clearly expects and directs use of environment variables, local network access, and shell-invoked tooling (`kasa`, `ffmpeg`), but no explicit permissions model is declared. That mismatch weakens reviewability and enforcement: an agent or platform may grant broader execution than a user realizes, especially because the skill handles secrets and connects to LAN devices.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The documented behavior understates sensitive functionality: exposing device metadata, ONVIF endpoints, and especially optionally printing a full RTSP URL with embedded credentials materially expands the security impact beyond simple snapshot capture. If surfaced in chat, logs, transcripts, or shell history, those credentials could enable unauthorized camera access and persistent compromise of the user's local surveillance device.

Vague Triggers

Medium
Confidence: 90%
Finding: The skill asks to 'establish activation boundaries' but proposes broad triggers such as activating whenever Tapo cameras, RTSP, ONVIF, or local snapshots are mentioned, and even proactively helping when a known camera stops responding. In an agent setting, ambiguous activation criteria can cause the skill to engage outside clear user intent, increasing the risk of unsolicited network discovery, camera interaction, or persistence of environment details.

VirusTotal

66/66 vendors flagged this skill as clean.