Skill v3.0.0

ClawScan security

SmartEye - Agent的眼睛 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 12, 2026, 6:17 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements are consistent with its stated purpose (controlling ONVIF PTZ cameras and capturing/analyzing frames); nothing in the package requests unrelated credentials or external installs.
Guidance
This skill appears to do exactly what it says: control ONVIF PTZ cameras and capture frames. Before installing, consider:
1) camera credentials are stored in camera-devices.json in your workspace—replace example passwords and protect that file (file permissions, do not expose it to others);
2) ONVIF/RTSP traffic is usually plaintext—use only on a trusted internal network and do not expose cameras to the public Internet;
3) snapshots are saved locally and the skill instructs the agent to use an image tool to analyze them—if your agent's image tool sends images to external services, those captured frames could be transmitted off-host;
4) the code disables SSL verification in places for convenience (common in device tooling) — this reduces transport authenticity but is typical for local device control;
5) SKILL.md describes an "instruction-only" skill but the package includes code and a dependency on opencv-python; ensure your environment can satisfy opencv and you are comfortable running the packaged code.
If you need stronger guarantees, review/inspect the included Python files locally (they are bundled with the skill) and ensure camera-devices.json uses correct internal IPs and secure passwords.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation: code implements ONVIF/PTZ control, RTSP snapshot capture (opencv), VLC launching, and multi-camera snapshot search. No unrelated environment variables, external cloud credentials, or surprising binaries are requested; camera credentials are provided via the local camera-devices.json config as expected for this purpose.
Instruction Scope
ok: SKILL.md describes the same behaviors the code implements: copying a bundled template to ~/.openclaw/workspace/camera-devices.json, reading camera credentials from that file, taking snapshots, opening RTSP in VLC, and producing snapshot paths for AI/image analysis. The runtime instructions and code do not read unrelated system files or hidden endpoints. They do perform network requests to the camera hosts specified in the config (expected for camera control).
Install Mechanism
note: No install spec is present (the package relies on included code and a pyproject listing opencv-python). This is consistent with a local skill bundle, but the SKILL.md earlier said "instruction-only" while the package includes code—this is an informational mismatch (not necessarily malicious). There are no download-from-URL installs or obscure external installers.
Credentials
ok: The skill requests no environment variables or external credentials. It does require plaintext camera credentials stored in camera-devices.json (username/password per camera) which is proportional and expected for direct device control. The README warns about replacing example passwords and keeping the file on an internal network. No unrelated secrets are requested or embedded.
Persistence & Privilege
ok: always:false and the skill does not request system-wide privileges. It copies a bundled template into the user's workspace path (~/.openclaw/workspace) on first run (documented), which is reasonable. The skill does not modify other skills' configs or enable itself globally.