Ipcam

Security checks across malware telemetry and agentic risk

Overview

This IP camera skill is mostly purpose-aligned, but it can expose camera credentials and stores them in plaintext while enabling sensitive camera capture and control.

Install only if you are comfortable letting the skill access and control cameras you own or administer. Avoid using `stream-url` in shared terminals or chats because it can reveal the camera password. Prefer environment variables or a protected config file with strict permissions, and review any recording, PTZ movement, preset changes, or discovery/add operations before allowing an agent to run them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The `stream-url|url` command prints a fully authenticated RTSP URL, embedding the camera username and password in cleartext. This exposes credentials to terminal history, logs, calling processes, screenshots, and clipboard sharing, turning a convenience feature into direct credential disclosure.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The `rtsp_url()` helper constructs and returns an RTSP URL containing the raw username and encoded password, and that value is later exposed by the `stream-url` command. Even though the password is URL-encoded for syntax safety, it is still fully recoverable and can be used to access the camera if the output is captured or shared.

Missing User Warnings

Medium
Confidence: 87%
Finding
The documentation encourages network camera discovery and automatic addition to configuration without warning that discovery performs network scanning and that `--add` persists discovered devices into local config. In a camera-management context, this is more sensitive than ordinary networking because it inventories devices on the local network and may store endpoints and credential-related metadata for surveillance equipment.

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill documents snapshot and recording features without warning that captured frames and clips may contain sensitive visual data, including people, private spaces, and security-relevant information. In the context of IP cameras, silent capture/storage is especially risky because it can create privacy, compliance, and data-retention issues even when used as intended.

Missing User Warnings

Medium
Confidence: 89%
Finding
The installer creates a persistent camera configuration file in the user's home directory containing fields for usernames and passwords, but it does so automatically and only warns after writing the file. Even though the password is a placeholder, this encourages storing sensitive camera credentials in plaintext and may lead users to populate the file without considering local exposure, backups, or file-permission risks.

Missing User Warnings

Medium
Confidence: 97%
Finding
Sensitive connection data is printed without any warning, confirmation, or masking. In this skill's context, camera credentials grant access to live video streams and potentially broader camera functions, so silent disclosure materially increases the risk of privacy compromise and unauthorized surveillance.

Missing User Warnings

Medium
Confidence: 88%
Finding
The `discover --add` flow writes camera usernames and passwords directly into a JSON config file on disk, but the write site provides no explicit warning about plaintext credential storage or file permissions. In a camera-control skill, these credentials grant access to video streams and PTZ functions, so disclosure could expose surveillance feeds and device control.

VirusTotal

64/64 vendors flagged this skill as clean.
