Photo Webcam

Security checks across malware telemetry and agentic risk

Overview

This skill coherently fetches public webcam snapshots and sends the requested images through Telegram as described.

Install this only if you want your agent to fetch public webcam images and send them via your configured OpenClaw/Telegram channel. Review the favorites list before use, avoid adding private or internal URLs, and make sure the Telegram target is the chat you expect.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly directs the agent to send retrieved images to a Telegram chat via the openclaw CLI, but it does not require any user-facing notice or confirmation that data will be transmitted to an external messaging service. This is risky because local or remotely fetched content may be exfiltrated to a third-party destination without sufficiently informed user consent, especially when combined with user-modifiable favorites or URLs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal