camsnap

Warn

Audited by Socket on Mar 1, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill documentation describes a legitimate local camera capture tool that uses ffmpeg/ffprobe and stores credentials locally. There is no evidence of remote exfiltration, obfuscated code, or third-party credential forwarding. The main security concern is credential management: passwords are stored base64-encoded in ~/.camsnap_credentials (no encryption) and many examples embed credentials directly in RTSP URLs or shell scripts, which risks leaking secrets via process lists, shell history, or backups. Operational guidance should be strengthened: avoid embedding credentials in command lines, use secure secret stores or OS-level keyrings, encrypt credentials at rest, and document secure notification/transfer channels for alerts/artifacts. Overall, I assess low probability of intentional malicious behavior but moderate security risk due to weak credential handling and example patterns that encourage insecure usage.

Confidence: 85%
Severity: 75%

Audit Metadata

Analyzed At: Mar 1, 2026, 05:12 AM
Package URL: pkg:socket/skills-sh/winsorllc%2Fupgraded-carnival%2Fcamsnap%2F@31f6ce5115a1da2f8d5190fe02cf38f848e78e2e