← Back to Skills Marketplace
photonixlaser-ux

Synology Surveillance

by photonixlaser-ux · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
1161
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install synology-surveillance-skill
Description
Steuere Synology Surveillance Station Kameras über die Web API. Nutze diesen Skill für Snapshots, Live-Streams, Aufnahmen, PTZ-Steuerung und Ereignis-Überwachung. Erfordert Synology NAS mit Surveillance Station.
Usage Guidance
This skill appears to implement legitimate Synology API calls, but there are several issues to consider before installing: - Metadata vs reality: The registry says no environment variables are required, yet the script needs SYNOLOGY_PASS (and usually SYNOLOGY_USER). Ask the publisher to declare required env vars and mark the primary credential. - Do not store credentials in plaintext files (TOOLS.md). Prefer using the platform's secret store or environment variables protected by the agent host. - The SKILL.md recommends disabling 2FA for the API user — avoid doing this if possible. Create a dedicated, scoped service account with minimal privileges and use HTTPS. - The script contains a bug in BASE_URL generation: it uses "http${SYNO_HTTPS:+s}://..." and because SYNO_HTTPS defaults to the non-empty string "false" this will expand to "https://" even when the user intends HTTP. That can cause port/protocol mismatches. The conditional should check the value (e.g., test for "true") rather than non-empty. - The skill uses plain HTTP examples and may send passwords over unencrypted connections. Ensure you use HTTPS (and correct ports) when exposing credentials or run it only on a trusted LAN. - Because this is an instruction+script package from an unknown source, review the shell script line‑by‑line locally before running it, and test with a throwaway surveillance account and network-isolated NAS if possible. If you intend to use it: ask the author to (1) fix the SYNO_HTTPS logic, (2) declare required env vars in the package metadata, and (3) remove guidance to disable 2FA and to store passwords in TOOLS.md (or explicitly document secure alternatives). Once those are addressed the package would be much more acceptable.
Capability Analysis
Type: OpenClaw Skill Name: synology-surveillance-skill Version: 0.1.0 The skill is designed to control Synology Surveillance Station cameras via its Web API. The `SKILL.md` provides clear instructions for the AI agent and user, without any prompt injection attempts or instructions to perform actions outside the stated purpose. The `scripts/syno-surveillance.sh` bash script correctly implements the described functionality, using `curl` to interact with the user-configured Synology NAS and `jq` for JSON parsing. It handles session cookies in a temporary file and cleans up. There is no evidence of data exfiltration, malicious execution, persistence, or obfuscation. The handling of credentials (password) is necessary for the skill's function and is done via environment variables or `TOOLS.md`, which are standard mechanisms for OpenClaw skills.
Capability Assessment
Purpose & Capability
The skill actually implements a CLI that talks to the Synology Surveillance Station Web API, which matches the name/description. However the registry metadata claims 'Required env vars: none' and 'Primary credential: none', while SKILL.md and scripts clearly require SYNOLOGY_USER and SYNOLOGY_PASS (and respect SYNOLOGY_HOST/PORT/HTTPS). This mismatch between declared requirements and actual runtime needs is an incoherence that should be resolved.
Instruction Scope
SKILL.md instructs the user to add credentials to a TOOLS.md file (plaintext) and to disable 2FA for the API user; both are security‑risky recommendations. The script creates a temporary cookie file in /tmp and removes it on exit (expected) and performs only Synology API calls. However the SKILL.md also provides curl examples over plain HTTP and the script has a logic bug (see below) that may cause unexpected network behavior. Overall the instructions go slightly beyond safe defaults (storing plaintext, disabling 2FA, recommending HTTP) and therefore are concerning.
Install Mechanism
No install spec — this is instruction + a single shell script. No packages are downloaded or installed by the skill itself. This is the lowest install risk category.
Credentials
The runtime requires SYNOLOGY_USER and SYNOLOGY_PASS (and optionally SYNOLOGY_HOST/PORT/HTTPS/jq), but the registry metadata did not declare these. Asking users to put passwords into TOOLS.md (plain text) is disproportionate and risky. The script reads only local Synology credentials and does not request unrelated cloud keys, but the absence of declared required env vars and the implicit requirement to supply a password are inconsistent and unsafe in practice. Also SKILL.md suggests disabling 2FA which reduces credential protection.
Persistence & Privilege
always:false and the script only writes a temporary cookie file (/tmp/syno_session_$$.cookie) which is removed on exit via trap. The skill does not request persistent system-wide privileges or modify other skills. No elevated persistence is requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install synology-surveillance-skill
  3. After installation, invoke the skill by name or use /synology-surveillance-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of synology-surveillance-skill. - Control Synology Surveillance Station cameras via Web API. - Supports camera listing, snapshots, live-stream URL generation, recordings, PTZ control, and event log viewing. - Quickstart and troubleshooting guides included. - Requires Synology NAS with Surveillance Station and API user without 2FA. - Integration example for Home Assistant provided.
Metadata
Slug synology-surveillance-skill
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Synology Surveillance?

Steuere Synology Surveillance Station Kameras über die Web API. Nutze diesen Skill für Snapshots, Live-Streams, Aufnahmen, PTZ-Steuerung und Ereignis-Überwachung. Erfordert Synology NAS mit Surveillance Station. It is an AI Agent Skill for Claude Code / OpenClaw, with 1161 downloads so far.

How do I install Synology Surveillance?

Run "/install synology-surveillance-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Synology Surveillance free?

Yes, Synology Surveillance is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Synology Surveillance support?

Synology Surveillance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Synology Surveillance?

It is built and maintained by photonixlaser-ux (@photonixlaser-ux); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments