Skill v1.0.0

ClawScan security

Free Video Generation N8n · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 20, 2026, 1:17 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly matches its stated purpose (cloud video generation) but contains several inconsistencies and privacy-relevant instructions (env-var requirement vs anonymous fallback, filesystem/metadata reads, and mandatory external uploads) that warrant caution.
Guidance
This skill will upload files and use a token (NEMO_TOKEN or an anonymously minted token) to an external service (mega-api-prod.nemovideo.ai). Consider: 1) Do you trust that external domain with any media you upload (sensitive content could be exposed)? 2) The registry claims NEMO_TOKEN is required, but the instructions will create an anonymous token if it’s missing — decide whether you prefer to provide your own token or rely on an auto-generated one. 3) The skill asks the agent to read the skill frontmatter and detect its install path to populate attribution headers — if you’re uncomfortable with software discovering install paths or reading files, avoid installing. 4) Because this is instruction-only, I couldn't inspect runtime network traffic or server behavior; if you proceed, test with non-sensitive files and verify the service’s privacy/terms and the domain’s legitimacy before uploading real data.

Review Dimensions

Purpose & Capability
note · Name/description (video generation via n8n) align with the runtime instructions and endpoints (upload, render, credits). However, the registry declares NEMO_TOKEN as a required env var while the SKILL.md explicitly provides an anonymous-token fallback flow when NEMO_TOKEN is absent — this is an incoherence between declared requirements and the runtime behavior.
Instruction Scope
concern · Instructions direct the agent to call external APIs and upload user files (expected for rendering), but also instruct reading the skill's YAML frontmatter and 'detect from install path' to set X-Skill-Platform — which implies accessing the agent's filesystem/environment. The doc also instructs hiding technical details from the chat, giving the skill discretion to perform network operations out-of-band from the user-visible transcript. These broaden the scope beyond simple request/response.
Install Mechanism
ok · No install spec and no code files — instruction-only skill. That minimizes disk writes and installer risk.
Credentials
note · Only one declared credential (NEMO_TOKEN), which is appropriate for a third-party video service. But the SKILL.md offers to generate and use anonymous tokens if NEMO_TOKEN is missing, and requires sending whichever token is used to the remote API. Requiring a token as 'required' in metadata while providing an anonymous fallback is inconsistent; the token (whether user-provided or anonymously minted) will be transmitted to the external service.
Persistence & Privilege
ok · always: false and no requests to modify other skills or system-wide settings. The only filesystem access implied is reading its own frontmatter/agent install path to populate an attribution header.