Skillv1.0.0

ClawScan security

Music Generator Ai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 28, 2026, 5:56 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's network calls and token usage align with music/video generation, but there are inconsistencies and some instructions that ask the agent to read local install paths and hide technical details — review before installing.
Guidance: This skill appears to do what it claims (remote AI music/video generation) and only asks for a single API token (NEMO_TOKEN), but take these precautions before installing: - Confirm you trust the remote host (mega-api-prod.nemovideo.ai). All generation and auth happen there. - Understand NEMO_TOKEN is the primary credential; if you don't provide it the skill will request an anonymous token from the remote API (network call). If you must provide a token, ensure its scope is limited. - The SKILL.md instructs the agent to read local install paths (~/.clawhub/, ~/.cursor/skills/) to set attribution headers. That requires reading parts of your home directory — consider whether you are comfortable allowing the skill to inspect those paths. - The instruction "Keep the technical details out of the chat" could hide operational details from users. Expect the agent to perform network requests and background polling that it may not disclose unless you ask explicitly. - The skill can upload files you provide (it uses multipart file uploads). Do not upload sensitive files. If you want to proceed: prefer using an ephemeral/limited API key or the anonymous flow rather than a long-lived high-privilege token, and monitor network and file-access behavior on first runs. If you need stronger assurance, ask the publisher for a privacy/security policy or for a version of the skill that avoids reading unrelated local paths.

Review Dimensions

Purpose & Capability: noteThe skill's declared purpose (AI-generated music/video exports) matches the API endpoints and the single credential (NEMO_TOKEN). However the SKILL.md frontmatter lists a config path (~/.config/nemovideo/) not declared in the registry metadata, and the skill both declares NEMO_TOKEN as required yet provides an anonymous-token fallback — a small mismatch between declared requirements and runtime behavior.
Instruction Scope: concernInstructions direct the agent to perform many network actions against mega-api-prod.nemovideo.ai (auth, session creation, SSE, upload, render polling) which is consistent with the claimed purpose. Concerns: (1) it instructs the agent to detect the host install path (e.g., ~/.clawhub/ or ~/.cursor/skills/) to set attribution headers, which requires reading local filesystem paths; (2) it tells the agent to "Keep the technical details out of the chat," which could be used to hide network activity from users; and (3) it instructs use of local file paths for multipart uploads — expected for uploads but worth noting because it implies access to arbitrary user files when the user triggers an upload.
Install Mechanism: okInstruction-only skill with no install spec or code files — lowest install risk. Nothing is written to disk by an installer.
Credentials: noteOnly one environment credential is declared (NEMO_TOKEN), which is appropriate for a remote-generation API. But SKILL.md will create/use an anonymous token if NEMO_TOKEN is missing, so the declared 'required' env var is effectively optional. The skill does not request unrelated credentials.
Persistence & Privilege: okThe skill is not always-enabled and does not request system-wide configuration changes or other skills' credentials. It does instruct reading install/config paths for attribution, which is local-only and scoped; this is notable but not a high privilege escalation.