camsnap

Review

Audited by ClawScan on May 11, 2026.

Overview

The skill mostly matches its webcam-snapshot purpose, but its instructions pass user arguments directly into a Bash command, which could allow unintended shell execution if not safely quoted.

Review this skill before use because it accesses your webcam and saves images locally, and avoid passing complex or untrusted output paths until the Bash argument handling is made safer. There is no evidence of network exfiltration or hidden persistence in the provided code.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted output path could potentially make the agent run unintended local commands with the user's permissions.

Why it was flagged

The skill tells the agent to run Bash with raw argument text. If an output path is interpolated without shell escaping, shell metacharacters could execute commands before the Python script's path validation runs.

Skill content

python {{SKILL_DIR}}/camsnap.py {{ $ARGUMENTS }}

Recommendation

Use only simple, trusted output paths. The skill should be changed to avoid raw Bash argument interpolation, quote arguments safely, or invoke the Python script through a structured argument interface.

What this means

When invoked, the skill can activate the webcam and save a photo of the user's surroundings locally.

Why it was flagged

The script opens the default webcam and saves the captured frame to disk, which matches the stated purpose but is privacy-sensitive.

Skill content

cap = cv2.VideoCapture(0) ... success = cv2.imwrite(output_path, frame)

Recommendation

Invoke it only when you intend to take a photo, verify the saved file path, and delete snapshots you do not want retained.