Camsnap
Pass
Audited by ClawScan on May 11, 2026.
Overview
Camsnap is a coherent local webcam snapshot tool, but it can access the camera, write image files, and its path-safety assurances are limited.
Install/use this only if you are comfortable letting the agent access your webcam on request. Choose output paths carefully, and do not assume the advertised path validation creates a strict filesystem sandbox.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When used, the skill can cause the local camera to capture an image and store it in a file.
The script opens a local webcam and writes the captured frame to disk, which is exactly the stated function but is privacy-sensitive if invoked unintentionally.
cap = cv2.VideoCapture(camera_index) ... success = cv2.imwrite(str(dest), frame)
Use only when you intentionally want a snapshot, and rely on OS camera permissions or agent policy if you want explicit confirmation before camera use.
A user or agent-supplied image path may write outside the expected folder if the process has filesystem permission.
The implementation normalizes paths and checks extensions, but it does not constrain output_path under a fixed base directory or prevent overwriting permitted image paths, so the documented path-traversal protection should be read narrowly.
resolved = Path(path).resolve()
ext = resolved.suffix.lower()
if ext and ext not in _ALLOWED_EXTENSIONS:
    raise ValueError(...)
return resolved
Use explicit trusted output directories and avoid passing untrusted paths; the publisher should either enforce a base directory/non-overwrite policy or soften the path-traversal claim.
Installing or satisfying the dependency may pull code from PyPI in the user's environment.
The OpenCV dependency is expected for webcam capture, but it is an unpinned PyPI dependency and there is no separate install spec in the supplied artifacts.
requires:
  commands: [python3]
  pypi: [opencv-python]
Install dependencies from a trusted environment; the publisher could improve supply-chain clarity by pinning versions or documenting the expected package version.
