Skill v1.0.0
ClawScan security
Generator For Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 4:25 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's runtime instructions mostly match a video-generator service, but there are noticeable inconsistencies between the metadata and the runtime behavior, and a few scope decisions you should review before installing it or providing credentials.
- Guidance: This skill appears to be a normal cloud video generator, but check the following before installing it or providing credentials:
  - Manifest vs runtime mismatch: the metadata says NEMO_TOKEN is required, but SKILL.md says the skill will obtain an anonymous token automatically when NEMO_TOKEN is absent. Ask the publisher which behavior is intended and whether an environment token you set will be used or overwritten.
  - Token handling and network traffic: the skill sends any NEMO_TOKEN (or the anonymous token it obtains) to https://mega-api-prod.nemovideo.ai. Provide only non-sensitive or least-privilege tokens; do not put production credentials in NEMO_TOKEN unless you trust the service and vendor.
  - File uploads: the skill reads the files you choose to upload from your filesystem and transmits them to the remote service. Do not upload files containing sensitive PII or secrets unless you understand the remote service's privacy policy.
  - Unknown source/homepage: the skill lists no homepage or source repository. Ask the publisher for a source repository or privacy/security documentation before use.
  - Attribution/metadata: the skill probes common install paths (~/.clawhub, ~/.cursor/skills/) to populate X-Skill-Platform headers. If you are uncomfortable with that filesystem probe, request clarification or run the skill in an environment where those paths do not exist.
  If you proceed, prefer an anonymous or throwaway token and test with non-sensitive files first. Request the publisher's documentation or source code to resolve the manifest/runtime inconsistencies; that would raise confidence from 'medium' to 'high'.
Review Dimensions
- Purpose & Capability
- concern: The name and description match a cloud video-generation service, and the skill needs only a single service token (NEMO_TOKEN), which is proportionate. However, the manifest declares NEMO_TOKEN as required and lists a config path (~/.config/nemovideo/), while SKILL.md explicitly describes auto-generating an anonymous token when NEMO_TOKEN is not present. That metadata vs runtime mismatch (a declared-required env var that the skill can also obtain at runtime) is inconsistent and reduces trust in the packaging.
- Instruction Scope
- note: Runtime instructions direct the agent to: check for NEMO_TOKEN; if absent, POST to https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token to obtain a token; create sessions; upload local files (multipart file=@/path); stream server-sent events (SSE); and include attribution headers. These actions are expected for a cloud video-render service. The skill also instructs the agent to read its own YAML frontmatter for attribution and to detect install paths (e.g., ~/.clawhub, ~/.cursor/skills/) to populate X-Skill-Platform. Reading local files is necessary for uploads, but the install-path probe touches user home paths: reasonable for attribution, yet still a filesystem probe. No unrelated sensitive files or broad system scanning are requested.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and no code files. That minimizes installation risk: nothing is downloaded or written to disk by an installer in the manifest.
- Credentials
- concern: Only one credential (NEMO_TOKEN) is declared, which fits the stated purpose. However, the skill automatically fetches an anonymous token from the external API if NEMO_TOKEN is absent, which contradicts the manifest's claim that NEMO_TOKEN is required. The manifest also lists a configPath (~/.config/nemovideo/) that SKILL.md never explicitly reads. These inconsistencies make it unclear what secrets or local config the skill actually needs. The skill also instructs the agent to send NEMO_TOKEN in a Bearer header to the remote service (expected for operation), so any token you provide is transmitted off-host.
- Persistence & Privilege
- ok: The skill does not request 'always: true' or other elevated persistence and does not modify other skills or global agent settings. Autonomous invocation is allowed (the platform default) but is not combined with other high-risk factors here.
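The Instruction Scope and Credentials findings above come down to a few static checks on the package: which env vars the manifest declares versus which SKILL.md actually references, whether the instructions point at a credential-issuing endpoint (which would make a "required" token optional at runtime), which hosts receive traffic, which home-directory paths get probed, and whether local files are uploaded. The script below, an added example and not ClawHub's scanner, runs those checks over a constructed manifest and SKILL.md that mirror the report; the manifest layout (`requires.env`, `configPath`) and the exact SKILL.md wording are assumptions. It also builds the trial-run environment the guidance recommends: an empty HOME so the ~/.clawhub and ~/.cursor probes find nothing, and no NEMO_TOKEN so the skill must fall back to its own anonymous token instead of a real credential.

```python
"""Static triage of an instruction-only skill (added example, not ClawHub code)."""
import json
import os
import re
import tempfile
from urllib.parse import urlparse

# Constructed sample inputs modelled on the report. The manifest key names are an
# assumption about the packaging format, not taken from the real skill.
MANIFEST = json.dumps({
    "name": "generator-for-video",
    "version": "1.0.0",
    "requires": {"env": ["NEMO_TOKEN"]},
    "configPath": "~/.config/nemovideo/",
})

SKILL_MD = """---
name: generator-for-video
---
1. Read NEMO_TOKEN from the environment.
2. If it is absent, POST to https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token
   and use the returned token as `Authorization: Bearer <token>`.
3. Create a session at https://mega-api-prod.nemovideo.ai/api/sessions.
4. Upload with curl -F file=@/path/to/input.mp4 and stream SSE events.
5. Set X-Skill-Platform by checking whether ~/.clawhub or ~/.cursor/skills/ exists.
"""

URL_RE = re.compile(r"https?://[^\s'\"`<>)]+")
HOME_PATH_RE = re.compile(r"~/\.[\w./-]+")            # dot-dirs under $HOME
ENV_RE = re.compile(r"\b[A-Z][A-Z0-9]*_[A-Z0-9_]*[A-Z0-9]\b")  # SCREAMING_SNAKE names
TOKEN_ENDPOINT_RE = re.compile(r"(token|auth|login)", re.I)   # heuristic, assumed


def external_hosts(skill_md):
    """Every host the instructions tell the agent to contact."""
    return sorted({urlparse(u).netloc for u in URL_RE.findall(skill_md)})


def home_probes(skill_md):
    """Home-directory paths the instructions tell the agent to inspect."""
    return sorted(set(HOME_PATH_RE.findall(skill_md)))


def referenced_env(skill_md):
    """Environment variables the instructions mention."""
    return sorted(set(ENV_RE.findall(skill_md)))


def audit(manifest_json, skill_md):
    """Return (severity, finding) tuples in the report's own concern/note vocabulary."""
    manifest = json.loads(manifest_json)
    declared = set(manifest.get("requires", {}).get("env", []))
    referenced = set(referenced_env(skill_md))
    findings = []

    # Packaging drift: declared-but-unused or used-but-undeclared env vars.
    for var in sorted(declared - referenced):
        findings.append(("concern", f"{var} declared required but never referenced in SKILL.md"))
    for var in sorted(referenced - declared):
        findings.append(("concern", f"{var} used in SKILL.md but not declared in manifest"))

    # A credential-issuing URL alongside a 'required' env var means the skill can
    # mint its own token at runtime, so the manifest's 'required' claim is inconsistent.
    token_urls = [u for u in URL_RE.findall(skill_md)
                  if TOKEN_ENDPOINT_RE.search(urlparse(u).path)]
    if declared and token_urls:
        findings.append(("concern", f"manifest requires {sorted(declared)} but SKILL.md "
                                    f"obtains a credential from {token_urls[0]}"))

    # Config path declared in the manifest but never mentioned by the instructions.
    cfg = manifest.get("configPath")
    if cfg and cfg not in skill_md:
        findings.append(("note", f"configPath {cfg} declared but not read by SKILL.md"))

    for path in home_probes(skill_md):
        findings.append(("note", f"instructions probe home directory path {path}"))
    for host in external_hosts(skill_md):
        findings.append(("note", f"instructions send traffic to {host}"))
    if "file=@" in skill_md:
        findings.append(("note", "instructions upload local files (multipart file=@...)"))
    return findings


def sandbox_env(base_env=None):
    """Environment for a trial run: fresh empty HOME (so ~/.clawhub and ~/.cursor/skills/
    do not exist) and no NEMO_TOKEN (so only the skill's anonymous token leaves the host)."""
    base = dict(os.environ if base_env is None else base_env)
    env = {k: v for k, v in base.items() if k in ("PATH", "LANG", "TERM")}
    env["HOME"] = tempfile.mkdtemp(prefix="skill-trial-")
    return env


if __name__ == "__main__":
    for severity, text in audit(MANIFEST, SKILL_MD):
        print(f"[{severity}] {text}")
    print("trial env:", sandbox_env())
```

Run it against a real skill by replacing the two constructed strings with the package's manifest and SKILL.md; the "obtains a credential" concern is the mechanical form of the manifest/runtime mismatch the report flags, and anything the audit lists under "send traffic to" is where any token you supply will end up.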
