← Back to Skills Marketplace

Cameras

Name: Cameras
Author: ivangdavila

by Iván · GitHub ↗ · v1.0.1

linuxdarwin ⚠ suspicious

844

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install cameras

Description

Connect to security cameras, capture snapshots, and process video feeds with protocol support.

README (SKILL.md)

Scope

This skill:

✅ Generates camera capture commands
✅ Guides integration with security systems
✅ Provides troubleshooting for camera issues

User-driven model:

User provides camera credentials (RTSP URLs, passwords)
User runs capture commands
User installs required tools

This skill does NOT:

❌ Store camera credentials
❌ Run captures automatically without user request
❌ Access cameras without user-provided access info

Requirements

Required:

ffmpeg — for capture and recording

Optional (user installs if needed):

gphoto2 — for DSLR/mirrorless control
v4l2-ctl — for USB cameras on Linux

Quick Reference

Topic	File
Security camera integration	`security-integration.md`
USB/webcam capture	`capture.md`
DSLR control	`photography-control.md`
Video processing	`processing.md`

Core Rules

1. User Provides Camera Access

When user requests capture:

User: "Snapshot from my front door camera"
Agent: "I need the RTSP URL. Format: rtsp://user:pass@ip/stream
        Provide it or set CAMERA_FRONT_URL in env."
User: "rtsp://admin:[email protected]/stream1"
→ Agent generates: ffmpeg -i "URL" -frames:v 1 snapshot.jpg

2. Common Commands

# Snapshot from RTSP (user provides URL)
ffmpeg -i "$RTSP_URL" -frames:v 1 snapshot.jpg

# Record 10s clip
ffmpeg -i "$RTSP_URL" -t 10 -c copy clip.mp4

# Webcam snapshot (macOS)
ffmpeg -f avfoundation -i "0" -frames:v 1 webcam.jpg

# Webcam snapshot (Linux)
ffmpeg -f v4l2 -i /dev/video0 -frames:v 1 webcam.jpg

3. Protocol Reference

Protocol	Use Case	URL Format
RTSP	IP cameras	`rtsp://user:pass@ip:554/stream`
HTTP	Simple cams	`http://ip/snapshot.jpg`
V4L2	USB cameras	`/dev/video0`

4. Integration Patterns

With Home Assistant:

GET /api/camera_proxy/camera.front_door

User provides HA URL and token.

With Frigate:

MQTT: frigate/events for alerts
HTTP: /api/events/{id}/snapshot.jpg

5. Security

Never log camera URLs with credentials
Recommend user stores URLs in env vars
RTSP streams may be unencrypted — warn about LAN security

Usage Guidance

This skill mostly does what it says (ffmpeg-based capture and local processing) but you should verify a few things before installing: 1) Ask the publisher to list exactly which environment variables and tokens the skill will ask for and why (Anthropic/Google/AWS/HomeAssistant/Ring/Frigate/MQTT). 2) Confirm whether the agent will ever run periodic monitoring or subscribe to MQTT autonomously — require explicit opt-in for continuous captures. 3) Prefer local processing (Frigate/OpenCV) and avoid sending raw snapshots to cloud services unless you understand where they go; if you must use cloud APIs, create limited-scope service accounts / short-lived tokens and rotate them. 4) Test in an isolated network or VLAN with test cameras first, and ensure the agent (or platform) will not log or persist RTSP URLs or credentials. 5) If you need stronger assurances, request an explicit list of outbound endpoints the skill will contact and a privacy/security policy from the author.

Capability Analysis

Type: OpenClaw Skill Name: cameras Version: 1.0.1 The skill bundle is generally benign, providing functionality for camera integration and video processing using standard tools like ffmpeg, gphoto2, and cloud vision APIs. The SKILL.md explicitly promotes user-driven credential handling and warns against logging sensitive data. However, the `security-integration.md` file contains a `curl -k` command for UniFi Protect integration, which disables SSL certificate validation. This creates a Man-in-the-Middle (MITM) vulnerability, allowing potential interception and manipulation of communication with the camera system. This is a significant security flaw, classifying the skill as suspicious due to this vulnerability.

Capability Assessment

⚠ Purpose & Capability

Declared purpose (connect to cameras, capture snapshots, process video) matches required binary ffmpeg and optional camera tooling. However the documentation also instructs use of multiple cloud vision APIs (Anthropic, Google Cloud Vision, AWS Rekognition), Ring/Nest APIs, Home Assistant tokens, and Frigate/MQTT — none of these credentials or endpoints are declared in the skill metadata. Examples also show ONVIF with plaintext creds. The presence of many external integrations without declared credential requirements is an incoherence.

⚠ Instruction Scope

SKILL.md and included files provide concrete commands and agent code that will capture images, run subprocesses, discover networked cameras (ONVIF), subscribe to MQTT, and send images to external vision services. While that is within a camera skill's remit, the instructions reference environment variables and tokens (e.g., CAMERA_FRONT_URL, HA_TOKEN, Ring refreshToken, AWS/Google creds, Anthropic client) that are not declared. The skill claims it will not run captures automatically, yet processing.md contains sample loops for periodic monitoring and event-driven MQTT handling — a scope contradiction that could enable continuous capture if implemented by an agent.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files. That keeps the on-disk footprint small and is lower risk than arbitrary downloads or install scripts.

⚠ Credentials

The skill requests no environment variables in metadata but the runtime instructions repeatedly reference env vars and external service tokens (Anthropic, Google, AWS, Home Assistant, Ring, Frigate, MQTT credentials). This mismatch means sensitive credentials are implied by the instructions but not declared or scoped, which increases the chance of accidental credential exposure or unclear authorization boundaries.

ℹ Persistence & Privilege

Skill metadata does not request always: true and uses normal model-invocation defaults. Still, the documentation includes patterns for continuous monitoring and MQTT subscription; if an agent implements those autonomously, that increases blast radius. The skill claims 'does NOT run captures automatically' but supplies example code that would — a small but important contradiction to resolve.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install cameras
After installation, invoke the skill by name or use /cameras
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

User-driven credential model, declared tool requirements

v1.0.0

Initial release - camera integration for agents

Metadata

Slug cameras

Version 1.0.1

License —

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Cameras?

Connect to security cameras, capture snapshots, and process video feeds with protocol support. It is an AI Agent Skill for Claude Code / OpenClaw, with 844 downloads so far.

How do I install Cameras?

Run "/install cameras" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cameras free?

Yes, Cameras is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cameras support?

Cameras is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin).

Who created Cameras?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.1.

More Skills