Photo Capture Skill

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local webcam photo skill, but its macOS fallback can automate apps and take window or full-screen screenshots, which is broader than camera-only capture.

Review before installing. Prefer the direct ffmpeg webcam path and avoid the macOS Photo Booth/FaceTime fallback unless you intentionally accept Screen Recording, Accessibility, and Automation permissions. Treat the fallback as capable of capturing visible desktop content, confirm people in view consent, and delete saved images you no longer need.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill invokes shell commands and reads local files/devices but does not declare any permissions, which weakens sandboxing and informed-consent controls. In this context, the skill accesses a webcam and writes captured media, so missing permission declarations can lead to unexpected camera activation or broader execution than a user or platform policy anticipates.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 89% confidence
Finding: The skill description emphasizes direct webcam capture without screen recording, accessibility, or automation permissions, yet the documented fallback uses a macOS app, UI control, and screenshots of a camera window. That mismatch is dangerous because it can capture more than the camera frame, require elevated privacy permissions, and surprise users with broader collection behavior than the description suggests.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The script is advertised as a webcam photo skill but actually activates an app and captures either its window or the full screen. That creates a privacy-sensitive mismatch: users asking to take a photo may unknowingly grant the skill the ability to exfiltrate unrelated on-screen content, including messages, documents, or secrets.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The code uses System Events and synthetic keystrokes to manipulate UI state, including fullscreen toggling, which expands the skill's power beyond simple camera capture. In this context, UI automation is unnecessary and risky because it can interact with desktop apps and depends on elevated privacy permissions that could be abused or surprise users.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The skill is advertised as capturing a fresh webcam image directly, but this script instead opens a camera app and screenshots either its window or the full screen. That design can capture unrelated on-screen content and requires broader permissions than necessary, creating an unnecessary privacy and data-exposure risk.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The script uses AppleScript UI automation to activate and manipulate an app window, then invokes screencapture to record window or screen contents. For a webcam-photo skill, this is over-privileged behavior because it depends on Accessibility and screen capture capabilities that can expose other visible information beyond the intended camera frame.

Intent-Code Divergence

Medium

Confidence: 89% confidence
Finding: The usage text explicitly says the script will save a screenshot, which conflicts with the skill description promising direct webcam capture. This mismatch is security-relevant because it can mislead users and reviewers about the actual data being collected and the permissions the skill will exercise.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger list includes very common phrases such as 'open camera' and 'take photo,' increasing the chance of accidental invocation in ordinary conversation. Because this skill can activate a webcam and capture a fresh image, unintended triggering has meaningful privacy impact compared with a low-risk informational skill.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script writes a screenshot image file immediately, with no in-script user-facing warning or confirmation that a screen/window capture will occur. Because screenshots can contain sensitive data unrelated to the requested task, saving them silently increases the privacy risk and makes the behavior more dangerous in the webcam-photo skill context.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script activates an application and performs UI automation through AppleScript/System Events without explicit disclosure inside the workflow. In a skill meant for taking a photo, undisclosed app launching and desktop control can violate user expectations and leverage sensitive macOS permissions in a way that broadens the attack surface.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The script writes a screenshot file to disk immediately after capture without any explicit confirmation, preview, or user-facing notice at the point of collection. In the context of a camera skill that may unexpectedly capture full-screen or app-window content, silent persistence increases the privacy risk and the chance of retaining sensitive information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal