Skills
skills/yuiseki/ai-secretary/vacuumtube-live-cam-tile-full/Gen Agent Trust Hub

vacuumtube-live-cam-tile-full

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically generates a JavaScript file at /tmp/codex_kwin_layout_4cams_full.js using shell-interpolated variables (PIDs and screen dimensions).
  • The generated script is then loaded and executed via the org.kde.KWin /Scripting DBus interface to precisely position application windows.
  • [COMMAND_EXECUTION]: Extensive use of system administration and X11 utilities to manipulate the desktop environment, including:
  • xrandr and awk to parse display dimensions.
  • lsof to identify process IDs associated with specific network ports (9993-9996).
  • qdbus to communicate with the KWin window manager.
  • pactl to manage and verify audio sink mute states.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the YouTube TV interface at https://www.youtube.com/tv/ to load specific live camera streams. These interactions are performed via CDP (Chrome DevTools Protocol) using a local Node.js script.
  • [DATA_EXFILTRATION]: The skill accesses the ~/.Xauthority file. While this is a sensitive security cookie for X11, it is used here to ensure the script has the necessary permissions to interact with the local display server.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 11, 2026, 04:47 PM