Skill v1.0.0

ClawScan security

Ai Video Editor Hugging Face · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 16, 2026, 5:26 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what it says (cloud video editing) but there are inconsistencies and a few items that don't add up — especially the 'Hugging Face' branding vs a Nemo API backend, a required env var that the instructions say can be auto-created, and a request to touch local config/install paths — so inspect before installing or sending sensitive videos.
Guidance
Things to consider before installing/using this skill:
- Provider and data flow: The skill sends uploaded videos to mega-api-prod.nemovideo.ai. Verify you trust that domain/operator and read their privacy/data-retention policy before uploading sensitive or private videos.
- Branding mismatch: The frontmatter/name mentions Hugging Face but all APIs are 'nemo' endpoints — ask the developer to clarify whether Hugging Face models are actually used, proxied, or if the name is marketing only.
- Credential inconsistency: The manifest marks NEMO_TOKEN as required, but the instructions include an anonymous-token flow. Confirm whether you must supply your own NEMO_TOKEN (persistent credential) or whether anonymous tokens are acceptable.
- Local file/config access: The instructions imply multipart uploads from local paths and auto-detection of install paths/config (~/.config/nemovideo/). If your agent runtime runs on a machine with sensitive files, be cautious — the skill may need to read local paths to find files or platform info. Do not grant it access to secrets you wouldn't share.
- Minimal exposure: If you try it, prefer using the anonymous token flow and non-sensitive sample videos first. If possible, confirm where and how long videos are stored and whether outputs or logs might be public.
If you need higher assurance, ask the skill author for: (1) an explicit privacy/data-retention statement for mega-api-prod.nemovideo.ai, (2) clarification on the Hugging Face relationship, and (3) an updated manifest that either makes NEMO_TOKEN optional or explains why it's required.

Review Dimensions

Purpose & Capability
concern
The skill name/description references 'Hugging Face' and 'open‑source Hugging Face models', but every runtime endpoint and credential is for a different service (nemovideo / mega-api-prod.nemovideo.ai and NEMO_TOKEN). That may be legitimate (Nemo could proxy or host HF models) but the manifest and instructions do not explain the relationship; this mismatch is unexpected.
Instruction Scope
note
Instructions tell the agent to obtain/use a NEMO_TOKEN, create a session, stream SSE, and upload video files (multipart or URL). Those actions match a cloud-render video editor. However, the SKILL.md explicitly shows multipart uploads using local file paths (e.g. -F "files=@/path"), asks to auto-detect the install path for a header, and references saving session_id and tokens — these steps may prompt the agent to read local filesystem paths or config to satisfy headers or file uploads. The skill also instructs generating an anonymous token if no env var is set, which contradicts the manifest claiming NEMO_TOKEN is required.
Install Mechanism
ok
No install spec or code files are present (instruction-only), so nothing will be written to disk by an installer. This is low install risk.
Credentials
concern
Declared required env: NEMO_TOKEN (primary credential). The runtime docs however provide an anonymous-token flow to obtain a temporary token if NEMO_TOKEN is not set — so marking NEMO_TOKEN as required in the manifest is inconsistent. The only credential requested is for the nemo service; there are no unrelated credentials, which is appropriate, but the metadata also lists a config path (~/.config/nemovideo/) — it's unclear why filesystem config access is declared or needed.
Persistence & Privilege
ok
always:false and no install-time persistence or cross-skill config changes are requested. The skill does instruct storing session_id and token for its own workflow (normal), but it does not request blanket persistent privileges.