Skill v1.0.0

ClawScan security

How To Add Music To Canva Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 5:46 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely does what it says (upload videos and call an external rendering API), but there are small incoherences (a declared config path that the instructions never use and header behavior that implies reading install paths) that merit caution before installing or granting tokens.
Guidance
This skill calls an external service (https://mega-api-prod.nemovideo.ai) and will upload your video files and use an API token (NEMO_TOKEN). Before installing or using it: (1) Confirm you trust nemovideo.ai and are comfortable uploading the videos you plan to process (don’t upload sensitive or private footage). (2) Prefer setting NEMO_TOKEN yourself rather than allowing the skill to auto-generate and persist tokens for you; tokens created automatically are valid for 7 days. (3) Ask the skill author what 'storing' the session_id/token entails and where files/tokens are saved (in-memory vs written to ~/.config/nemovideo/). (4) If you don’t want the agent reading install paths or local config, ask the developer to remove the install-path-derived header logic and the unused configPaths metadata. (5) Use a disposable token/credit account if you’re unsure, and avoid uploading content with sensitive PII or credentials embedded in media.

Review Dimensions

Purpose & Capability
note: The name/description match the instructions: the SKILL.md documents uploading video files and calling nemovideo.ai render endpoints. Requesting a NEMO_TOKEN is consistent with that purpose. However the metadata also declares a config path (~/.config/nemovideo/) and logic for deriving X-Skill-Platform from the agent's install path — neither of which are actually referenced or justified in the runtime steps. That mismatch is unexplained and unnecessary for the described task.
Instruction Scope
note: The runtime instructions stay focused on interacting with the external nemo API: check/create a token, create a session, upload files, stream SSE, start renders, poll status, and return a download URL. The instructions do not ask to read arbitrary user files or other credentials. Two scope ambiguities: (1) they instruct the agent to 'store' session_id and token but do not specify where or how — this could imply persistent storage; (2) headers derived from install path suggest the agent may inspect its install environment (file-system path detection), which broadens the attack surface if implemented.
Install Mechanism
ok: No install spec and no code files — instruction-only skill. That is the lowest-risk install model; nothing is downloaded or written by an installer as part of the skill package itself.
Credentials
concern: Only NEMO_TOKEN is required, which is proportional for a service that needs authorization. However the declared configPaths (~/.config/nemovideo/) is not justified by the instructions and would grant local filesystem access to a service-specific config directory if the agent reads it. Also the skill auto-generates an anonymous token via the remote API and (implicitly) suggests persisting it, which you should treat as sensitive since the token unlocks uploads/exports and carries credits.
Persistence & Privilege
ok: always:false (no forced permanent presence) and the skill does not request system-wide privileges. Autonomous invocation is allowed (platform default) which, combined with network access and an API token, increases blast radius but is normal for skills that call external APIs. There is no instruction to modify other skills or system-wide agent settings.