camsnap
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata triggers the installation of a third-party binary via a Homebrew tap ('steipete/tap/camsnap'). This introduces an external dependency from a source not explicitly trusted or managed by the vendor.
- [CREDENTIALS_UNSAFE]: Setup instructions demonstrate passing camera credentials (username and password) as plaintext command-line arguments. This practice can lead to credential exposure in shell history or process monitoring tools.
- [COMMAND_EXECUTION]: The skill utilizes the 'camsnap' command-line utility. The 'watch' command supports an '--action' parameter designed to execute shell commands upon motion detection, which constitutes a capability for arbitrary command execution.
Audit Metadata