ESP32-CAM Eyes

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ESP32 camera setup guide, but it creates an unauthenticated network camera that could expose private images on a local network or fallback hotspot.

Review before installing. Use this only on a trusted, isolated guest or IoT network, do not expose the camera to the internet, replace the fallback AP password with a strong unique one, avoid committing real Wi-Fi credentials in firmware source, and add authentication or other access controls before using it in private spaces.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The guide instructs users to deploy a camera web server with unauthenticated HTTP endpoints for snapshots and live streaming, and even falls back to AP mode with a known default password. Anyone on the same network, or within range of the AP, could access the feed and capture images without authorization, creating avoidable privacy and local-network exposure risks.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The example firmware embeds Wi-Fi credentials directly in source and also uses a weak default AP password (`12345678`) in fallback mode. This encourages insecure secret handling and predictable access to the device, making unauthorized connection or accidental credential disclosure more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal