ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Best Video Gen Script

v1.0.0

Turn a 60-second product explainer concept into 1080p ready-to-use scripts just by typing what you need. Whether it's generating video scripts from text prom...

0· 34·0 current·0 all-time
by@dsewell-583h0
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is a cloud-backed video/script generation interface and declares one credential, NEMO_TOKEN, which is coherent with calling a private API (mega-api-prod.nemovideo.ai). Requested config path (~/.config/nemovideo/) and the primaryEnv NEMO_TOKEN match the described backend usage.
Instruction Scope
The SKILL.md gives detailed API call flow (auth, session creation, SSE, uploads, render start/poll). This is in-scope for a cloud render service. It also instructs generating an anonymous token by POSTing to the public API if no NEMO_TOKEN is present, and to read the skill's YAML frontmatter and the install path to build attribution headers — these require network and limited filesystem access (to detect install path/frontmatter). Those operations are explainable for attribution and fallback auth, but worth noting because they perform network calls and read skill metadata at runtime.
Install Mechanism
No install spec or code files are present (instruction-only). That minimizes disk-write risk; the skill relies on network calls to the documented API endpoints rather than installing third-party binaries.
Credentials
Only a single environment variable (NEMO_TOKEN) is required and is justified by the need for Bearer authorization to the described API. No unrelated secrets or broad credential lists are requested.
Persistence & Privilege
always is false and the skill does not request elevated or permanent platform privileges. It does instruct the agent to detect its install path and read its own frontmatter for headers, which is limited in scope and normal for attribution; nothing indicates modification of other skills or system-wide settings.
Assessment
This skill integrates with a remote service at mega-api-prod.nemovideo.ai and expects either an existing NEMO_TOKEN or will request an anonymous token from that API on your behalf. Before enabling: (1) Confirm you trust the nemovideo API and are comfortable uploading media files to it (exports/uploads go to that service). (2) Only put a limited-scope NEMO_TOKEN in your environment (do not reuse broad cloud credentials). (3) Be aware the skill will perform network calls for auth, session management, SSE streaming, uploads, and render requests and will read its own frontmatter/install path to set attribution headers. If any of that is unacceptable, do not provide a persistent token and avoid uploading sensitive files.

Like a lobster shell, security has layers — review code before you run it.

latestvk9748dayczsw5w12s6bme6s9bn84qm28

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments