ClawHub

Synology Surveillance

v0.1.0

Steuere Synology Surveillance Station Kameras über die Web API. Nutze diesen Skill für Snapshots, Live-Streams, Aufnahmen, PTZ-Steuerung und Ereignis-Überwachung. Erfordert Synology NAS mit Surveillance Station.

0· 1.1k·0 current·0 all-time
by@photonixlaser-ux
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill actually implements a CLI that talks to the Synology Surveillance Station Web API, which matches the name/description. However the registry metadata claims 'Required env vars: none' and 'Primary credential: none', while SKILL.md and scripts clearly require SYNOLOGY_USER and SYNOLOGY_PASS (and respect SYNOLOGY_HOST/PORT/HTTPS). This mismatch between declared requirements and actual runtime needs is an incoherence that should be resolved.
!
Instruction Scope
SKILL.md instructs the user to add credentials to a TOOLS.md file (plaintext) and to disable 2FA for the API user; both are security‑risky recommendations. The script creates a temporary cookie file in /tmp and removes it on exit (expected) and performs only Synology API calls. However the SKILL.md also provides curl examples over plain HTTP and the script has a logic bug (see below) that may cause unexpected network behavior. Overall the instructions go slightly beyond safe defaults (storing plaintext, disabling 2FA, recommending HTTP) and therefore are concerning.
Install Mechanism
No install spec — this is instruction + a single shell script. No packages are downloaded or installed by the skill itself. This is the lowest install risk category.
!
Credentials
The runtime requires SYNOLOGY_USER and SYNOLOGY_PASS (and optionally SYNOLOGY_HOST/PORT/HTTPS/jq), but the registry metadata did not declare these. Asking users to put passwords into TOOLS.md (plain text) is disproportionate and risky. The script reads only local Synology credentials and does not request unrelated cloud keys, but the absence of declared required env vars and the implicit requirement to supply a password are inconsistent and unsafe in practice. Also SKILL.md suggests disabling 2FA which reduces credential protection.
Persistence & Privilege
always:false and the script only writes a temporary cookie file (/tmp/syno_session_$$.cookie) which is removed on exit via trap. The skill does not request persistent system-wide privileges or modify other skills. No elevated persistence is requested.
What to consider before installing
This skill appears to implement legitimate Synology API calls, but there are several issues to consider before installing: - Metadata vs reality: The registry says no environment variables are required, yet the script needs SYNOLOGY_PASS (and usually SYNOLOGY_USER). Ask the publisher to declare required env vars and mark the primary credential. - Do not store credentials in plaintext files (TOOLS.md). Prefer using the platform's secret store or environment variables protected by the agent host. - The SKILL.md recommends disabling 2FA for the API user — avoid doing this if possible. Create a dedicated, scoped service account with minimal privileges and use HTTPS. - The script contains a bug in BASE_URL generation: it uses "http${SYNO_HTTPS:+s}://..." and because SYNO_HTTPS defaults to the non-empty string "false" this will expand to "https://" even when the user intends HTTP. That can cause port/protocol mismatches. The conditional should check the value (e.g., test for "true") rather than non-empty. - The skill uses plain HTTP examples and may send passwords over unencrypted connections. Ensure you use HTTPS (and correct ports) when exposing credentials or run it only on a trusted LAN. - Because this is an instruction+script package from an unknown source, review the shell script line‑by‑line locally before running it, and test with a throwaway surveillance account and network-isolated NAS if possible. If you intend to use it: ask the author to (1) fix the SYNO_HTTPS logic, (2) declare required env vars in the package metadata, and (3) remove guidance to disable 2FA and to store passwords in TOOLS.md (or explicitly document secure alternatives). Once those are addressed the package would be much more acceptable.

Like a lobster shell, security has layers — review code before you run it.

latestvk97711g5xtb3c14cdwjwt5gae180rym1
1.1kdownloads
0stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
@photonixlaser-ux
latest
Download

Synology Surveillance Station Skill

Steuere deine Überwachungskameras über die Synology Surveillance Station API.

Voraussetzungen

  1. Synology NAS mit installierter Surveillance Station
  2. Benutzer mit Surveillance Station-Rechten
  3. 2FA deaktiviert für den API-Benutzer
  4. jq installiert (apt install jq)

Schnellstart

1. Konfiguration in TOOLS.md

Füge die Verbindungsdaten zu TOOLS.md hinzu:

### Synology Surveillance
- **Host:** 192.168.1.100 (deine NAS IP)
- **Port:** 5000 (HTTP) oder 5001 (HTTPS)
- **User:** surveillance_user
- **Pass:** dein_passwort
- **HTTPS:** false (true falls HTTPS aktiviert)

2. Login testen

./scripts/syno-surveillance.sh login

3. Kameras anzeigen

./scripts/syno-surveillance.sh cameras

Output:

ID: 1, Name: Eingang, Status: 1
ID: 2, Name: Garten, Status: 1
ID: 3, Name: Garage, Status: 0

4. Snapshot erstellen

./scripts/syno-surveillance.sh snapshot 1

Speichert: syno_snapshot_1_1738972800.jpg

5. Ereignisse anzeigen

# Letzte 10 Ereignisse
./scripts/syno-surveillance.sh events

# Letzte 50 Ereignisse
./scripts/syno-surveillance.sh events 50

Verfügbare Befehle

BefehlBeschreibung
loginSession erstellen (wird automatisch bei anderen Befehlen ausgeführt)
logoutSession beenden
camerasAlle Kameras mit ID und Status auflisten
snapshot <id>Snapshot einer Kamera erstellen
record <id> start|stopAufnahme starten/stoppen
events [limit]Ereignis-Log anzeigen
stream <id>Live-Stream URL generieren
ptz <id> <direction>PTZ-Kamera bewegen (left/right/up/down/zoomin/zoomout)
preset <id> <num>PTZ-Voreinstellung anfahren

Umgebungsvariablen

VariableStandardBeschreibung
SYNOLOGY_HOST192.168.1.100NAS IP/Hostname
SYNOLOGY_PORT5000NAS Port
SYNOLOGY_USERadminUsername
SYNOLOGY_PASS(leer)Passwort
SYNOLOGY_HTTPSfalseHTTPS verwenden

Direkte API-Calls

Falls das Script nicht passt, direkt mit curl:

# Login
curl -c cookies.txt "http://192.168.1.100:5000/webapi/auth.cgi?api=SYNO.API.Auth&method=login&version=3&account=USER&passwd=PASS&session=SurveillanceStation&format=cookie"

# Snapshot
curl -b cookies.txt "http://192.168.1.100:5000/webapi/entry.cgi?api=SYNO.SurveillanceStation.Camera&method=GetSnapshot&version=1&cameraId=1" -o snapshot.jpg

API Details

Für komplexere Operationen: references/api.md

Home Assistant Integration

Für Home Assistant Nutzer: Der Skill kann auch für HA Automatisierungen genutzt werden:

shell_command:
  syno_snapshot: "/pfad/zu/syno-surveillance.sh snapshot {{ camera_id }}"

Troubleshooting

  • Login failed: Passwort prüfen, 2FA deaktivieren
  • Permission denied: Benutzer braucht Surveillance Station-Rechte
  • Camera not found: Kamera-ID prüfen mit cameras Befehl
  • Empty snapshot: Kamera offline oder keine Lizenz verfügbar

Lizenz-Hinweis

Surveillance Station benötigt pro Kamera eine Lizenz (2 kostenlose inklusive bei den meisten NAS-Modellen).

Comments

Loading comments...