Skill v1.0.0

ClawScan security

Editor Zh · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 4:15 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill's instructions broadly match a cloud video-editing service (NEMO_TOKEN, upload endpoints, render flow), but there are inconsistencies and privacy/operational concerns (unknown source, mismatched metadata, platform-detection instructions that require inspecting install paths, and mandatory uploads to a third‑party API) that deserve caution before installing or using with sensitive footage.
Guidance
This skill appears to implement a cloud-based Chinese video editor and will upload whatever files you drop into the chat to a third‑party API (mega-api-prod.nemovideo.ai). Before installing or using it:
1) Be cautious with sensitive footage — test first with innocuous clips.
2) Verify the skill's origin/source or prefer a skill with a published homepage/repo and privacy policy.
3) Note the SKILL.md claims a config path (~/.config/nemovideo/) and asks the agent to detect its install path for attribution headers — ask the publisher to clarify why filesystem/install-path access is needed.
4) If you must use it, consider using a disposable NEMO_TOKEN or anonymous token, and restrict autonomous invocation or audit exported requests.
5) Ask the publisher to resolve the metadata mismatch and provide a privacy/storage/retention statement.

Review Dimensions

Purpose & Capability
concern: The declared purpose (cloud Chinese video editing) aligns with required credential NEMO_TOKEN and the documented endpoints for uploading, SSE, and rendering. However: the SKILL.md frontmatter declares a config path (~/.config/nemovideo/) while the registry metadata lists no required config paths — an inconsistency. Also the skill has no homepage or published source repository, which reduces transparency for a networked/cloud integration.
Instruction Scope
concern: The runtime instructions direct the agent to upload user-supplied video/audio files and session state to external endpoints and to include persistent attribution headers on every request. That is expected for a cloud editor, but the SKILL.md also instructs the agent to auto-detect 'install path' to set X-Skill-Platform and to ensure headers match the frontmatter — this implies the agent may need to inspect its filesystem/installation environment. The flow includes automatic anonymous token acquisition if no token is present, which is coherent but means the skill can obtain credentials and then perform uploads without additional user action. There are no explicit instructions about what user data is retained by the remote service.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself. That reduces install-time risk. The requirement to detect an install path (for attribution header) is odd given no install happened, but that is an instruction-level issue rather than an install mechanism risk.
Credentials
note: Only NEMO_TOKEN is required and is the primary credential — this is proportionate for a cloud API. The skill explicitly supports generating an anonymous token via an API if no env var is set. No unrelated secrets or multiple credentials are requested. The small mismatch between registry metadata (no config paths) and SKILL.md frontmatter (lists a config path) should be clarified.
Persistence & Privilege
note: The skill is not 'always:true' and uses the normal autonomous-invocation default (disable-model-invocation: false). Autonomous calls will upload files to the third-party API and start render jobs, which is expected behavior for an editor but increases blast radius if the skill is compromised. The skill does not request to modify other skills or global config (beyond saving its session_id), which is good.