Ring Doorbell & Camera
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent Ring camera integration, but it necessarily handles sensitive Ring credentials, tokens, and camera images that users should protect.
Install this only if you want your assistant to access Ring device status, event history, and camera snapshots. Use it on a trusted machine, protect the saved token file, and periodically clean up saved images.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can use the token file may be able to access Ring device information and camera/event data until the token is revoked or expires.
The tool collects Ring login credentials for authentication and saves a reusable Ring token locally. This is expected for a Ring integration and is disclosed, but it grants access to the user's Ring account.
username = input("Enter your Ring email: ").strip()
password = input("Enter your Ring password: ").strip()
...
TOKEN_FILE.write_text(json.dumps(token))Authenticate only on a trusted machine, protect ~/.openclaw/ring_token.json, and delete or revoke the token if you no longer use the skill.
Captured images may remain on disk after the conversation and could be seen by later local users or tools with file access.
Camera snapshots are written to persistent local storage. This is disclosed and fits the feature, but saved images may contain sensitive private scenes.
Images saved to `~/.openclaw/media/ring/`
Periodically review and delete saved snapshots you do not need, especially on shared machines.
The behavior also depends on the installed third-party package and whatever version pip resolves at install time.
The skill relies on an external Python package installed by the user. This is expected for the integration, but the version is not pinned in the instructions.
pip3 install ring-doorbell
Install dependencies from trusted package indexes and consider pinning or reviewing the ring-doorbell package version in sensitive environments.