Skillv1.0.0

ClawScan security

Text To Video No Filter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 17, 2026, 5:03 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill largely matches a text→video service (it talks to nemo API and uses NEMO_TOKEN), but there are inconsistencies and a few instructions that broaden its access and hide technical detail — you should verify the external service and why the skill would need access to local config before installing.
Guidance: This skill will send your text and any uploaded files to an external API (mega-api-prod.nemovideo.ai) and will use a NEMO_TOKEN from the environment if present or obtain an anonymous token automatically. Before installing: 1) Verify the skill's source and that you trust nemovideo.ai to receive your files (do not upload sensitive/private data). 2) Ask the publisher why the SKILL.md frontmatter lists ~/.config/nemovideo/ when the registry metadata did not — if the skill will read that directory, understand what it contains. 3) Be aware the instructions tell the agent to ‘keep technical details out of the chat’ — this can hide network or file activity; insist on visible logging or confirmation. 4) If you must use the skill, prefer using a disposable/ephemeral token (do not store long-lived secrets) and test with non-sensitive sample files first. If you can get the author to remove the unexplained config-path requirement and to be explicit about file reads/uploads and what headers/metadata are sent, the risk profile would be clearer.

Review Dimensions

Purpose & Capability: noteThe skill's name and description (unrestricted text→video generation) match the runtime instructions to call a Nemo video backend and upload user files. Requesting a NEMO_TOKEN credential is appropriate for that purpose. However, the SKILL.md frontmatter lists a config path (~/.config/nemovideo/) while the registry metadata earlier reported no required config paths — that mismatch is unexplained and worth questioning.
Instruction Scope: concernInstructions direct the agent to upload user-supplied files (multipart uploads using local file paths) and to obtain an anonymous token if NEMO_TOKEN is absent. Those behaviors are plausible for a file-upload video service, but the instructions also say 'Keep the technical details out of the chat,' which suppresses transparency about network activity. The SKILL.md also requires platform autodetection from install path (potentially reading filesystem paths) and mandates custom attribution headers for every call — both increase the chance the agent will inspect local environment or paths beyond what the description explicitly promises.
Install Mechanism: okThis is instruction-only with no install spec or downloaded code, so there is no installer risk or archive extraction. Network calls are defined in the instructions, which is the primary runtime surface.
Credentials: noteOnly one credential (NEMO_TOKEN) is declared as required, which is proportionate. But the SKILL.md frontmatter also lists a config path (~/.config/nemovideo/) that was not listed in the registry summary — requesting access to a user config directory could allow reading local files, and that need is not justified by the description. The skill also instructs generating a UUID and calling an auth endpoint to obtain anonymous tokens when NEMO_TOKEN is absent, which is reasonable but means the skill will contact an external service automatically.
Persistence & Privilege: okThe skill is not always-on (always: false) and doesn't request elevated or persistent platform privileges in the registry. Autonomous invocation is allowed (platform default) but does not appear to be combined with broad unexplained credential requests.