camsnap
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
camsnaptool via a Homebrew formula from a personal repository (steipete/tap/camsnap), which is not included in the trusted vendors list. - [COMMAND_EXECUTION]: The
camsnap watchcommand includes an--actionflag designed to execute arbitrary shell commands when motion is detected. This capability could be exploited for command injection or persistence if malicious actions are configured. - [CREDENTIALS_UNSAFE]: Setup instructions demonstrate passing camera credentials as plaintext command-line arguments (
--userand--pass), which risks exposure in shell history and process lists.
Audit Metadata