camsnap
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the 'camsnap' tool via a third-party Homebrew tap ('steipete/tap/camsnap'). While the author may be a known developer, this source is not listed among the Trusted GitHub Organizations or Repositories provided in the security skill scope.
- [COMMAND_EXECUTION] (MEDIUM): The 'camsnap watch' command supports an '--action' parameter, which is designed to execute shell commands or scripts automatically when motion is detected. This creates a surface for executing arbitrary code if the configuration is manipulated.
- [DATA_EXPOSURE] (LOW): The skill manages sensitive data including camera credentials (usernames/passwords) and local network IP addresses. While the examples use placeholders, users should be aware that these credentials are stored in '~/.config/camsnap/config.yaml'.
Audit Metadata