Skill v1.0.0
ClawScan security
Video Cut · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 17, 2026, 4:34 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior largely matches a cloud video-cutting service (it needs a NEMO_TOKEN and uploads user video to mega-api-prod.nemovideo.ai), but there are small inconsistencies and a couple of instructions that expand its scope in ways you should verify before installing.
- Guidance: This skill appears to be a frontend for a cloud video-rendering API and will upload your raw video files to https://mega-api-prod.nemovideo.ai. Before installing or invoking it:
  1. Confirm you trust the remote service (no homepage or source code is provided here).
  2. Be aware the skill will read NEMO_TOKEN from the environment (or obtain an anonymous token if none exists) and may inspect paths in your home directory to set an attribution header or read config (~/.config/nemovideo/). If you don't want any local filesystem reads, do not provide the skill with elevated file access.
  3. Ask the publisher for a source or homepage and what data is retained or logged by the backend (retention, who can access uploaded videos).
  4. If you must proceed, run it in an environment where exposing NEMO_TOKEN and uploading sensitive footage is acceptable (e.g., a test account or isolated VM).
Review Dimensions
- Purpose & Capability (note): The name/description (remote video trimming and exports) aligns with the declared primary credential (NEMO_TOKEN) and the SKILL.md, which calls a remote rendering API. Requiring a token to call the service is proportionate. However, the SKILL.md frontmatter lists a config path (~/.config/nemovideo/) while registry metadata shows no required config paths — that mismatch is unexplained.
- Instruction Scope (concern): Instructions tell the agent to: read NEMO_TOKEN from env (expected); if missing, generate a UUID and obtain an anonymous token by POSTing to the service (expected fallback); create sessions, upload user video files (multipart or via URL), stream SSE, poll render status, and return remote download URLs. These are appropriate for a cloud render service, but the skill also instructs deriving an attribution header (X-Skill-Platform) by inspecting install paths (e.g., ~/.clawhub/ or ~/.cursor/skills/), which implies filesystem inspection beyond just reading the declared env var. The SKILL.md also references a config directory in its metadata. Those filesystem-access expectations are not declared in the registry and broaden the scope of what the agent may read from the host.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing will be written to disk by an installer. This is the lowest-risk install mechanism.
- Credentials (note): Only NEMO_TOKEN is declared as required and is the primary credential; that is coherent with a remote video API. The SKILL.md does not request additional unrelated secrets. It will, however, attempt to fetch an anonymous token if NEMO_TOKEN is absent (by contacting the service), which is reasonable but means the agent will still talk to the remote backend even without explicit credentials.
- Persistence & Privilege (ok): The skill's "always" flag is false, and the skill does not request special persistent privileges or modify other skills. The only small privilege-like behavior is that it wants to detect its install path and optionally read a config dir (~/.config/nemovideo/) per its frontmatter — this implies read access to parts of the user home directory but not system-wide settings.
