Camsnap
Capture frames or clips from RTSP/ONVIF cameras.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 9 · 11.8k · 963 current installs · 985 all-time installs
byPeter Steinberger@steipete
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (capture frames/clips from RTSP/ONVIF) aligns with the commands shown (snap, clip, watch) and the need for ffmpeg and a camsnap binary. However the registry metadata reported no install spec or config paths, while the SKILL.md explicitly refers to ~/.config/camsnap/config.yaml and a Homebrew formula—an inconsistency in declared requirements.
Instruction Scope
SKILL.md only instructs use of the camsnap CLI and mentions creating a local config file with camera credentials. It does not ask the agent to read unrelated system files. One area to note: the 'watch --action' usage implies arbitrary actions/commands can be run on motion events — that capability is normal for a camera tool but increases attack surface and should be reviewed.
Install Mechanism
The SKILL.md includes a Homebrew install entry (steipete/tap/camsnap). That is a third-party tap, not a core Homebrew formula, which is moderate risk because taps are less vetted than official releases. Also the registry metadata earlier said 'No install spec', so there's an incoherence between registry and SKILL.md about installation.
Credentials
The skill declares no required environment variables, which is reasonable, but instructs users to create a config file (~/.config/camsnap/config.yaml) containing camera usernames/passwords. The registry did not declare this required config path. Storing camera credentials locally (likely plaintext) is expected for the function but should be explicit and verified before use.
Persistence & Privilege
The skill does not request always:true or broad system privileges and appears to only create/use its own config file in the user's home directory. This is typical and not excessive, though the 'watch' action that can run arbitrary commands increases the practical privilege of whatever binary is installed.
What to consider before installing
This skill appears to do what it says (capture from RTSP/ONVIF), but there are a few things to check before installing: 1) Verify the source of the camsnap binary — SKILL.md references a third-party Homebrew tap (steipete/tap); inspect that tap and the formula to confirm it points to a trustworthy upstream release. 2) Be aware camsnap will store camera credentials at ~/.config/camsnap/config.yaml — ensure you’re comfortable with how it stores secrets (plaintext vs encrypted) and limit access to that file. 3) Review what 'watch --action' runs (it can execute arbitrary commands on motion events); avoid using unsafe actions or give it minimal permissions. 4) Because the registry metadata omitted the install/config details that appear in SKILL.md, prefer to inspect the camsnap project/repo directly before granting it access or installing the binary.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📸 Clawdis
Binscamsnap
Install
Install camsnap (brew)
Bins: camsnap
brew install steipete/tap/camsnapSKILL.md
camsnap
Use camsnap to grab snapshots, clips, or motion events from configured cameras.
Setup
- Config file:
~/.config/camsnap/config.yaml - Add camera:
camsnap add --name kitchen --host 192.168.0.10 --user user --pass pass
Common commands
- Discover:
camsnap discover --info - Snapshot:
camsnap snap kitchen --out shot.jpg - Clip:
camsnap clip kitchen --dur 5s --out clip.mp4 - Motion watch:
camsnap watch kitchen --threshold 0.2 --action '...' - Doctor:
camsnap doctor --probe
Notes
- Requires
ffmpegon PATH. - Prefer a short test capture before longer clips.
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…