Skill v1.0.0

ClawScan security

Video Maker Hindi · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 4:43 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's declared purpose (cloud-based Hindi video creation) mostly matches its runtime instructions and required NEMO_TOKEN, but there are inconsistencies and a few opaque behaviors (hidden token exchange, runtime filesystem checks, and conflicting metadata) that warrant caution before install.
Guidance
This skill appears to be a cloud video-rendering connector and needs NEMO_TOKEN to operate, which is reasonable — but review before installing:
1) confirm you trust https://mega-api-prod.nemovideo.ai (privacy, retention, who can access uploaded media);
2) prefer using an expendable/disposable API token for testing, not long-lived/privileged credentials;
3) ask the publisher (or avoid installing) because source/homepage are missing and the skill instructs the agent to perform hidden token exchanges and to probe local install paths;
4) verify whether anonymous tokens or any credentials will be stored locally and where (~/.config/nemovideo/ was referenced); and
5) test with non-sensitive videos first.
If you need higher assurance, request the publisher to provide a homepage, privacy policy, and a clear mapping of exactly what metadata and files are sent to the service.

Review Dimensions

Purpose & Capability
note: The skill is an instruction-only connector to a cloud rendering service and legitimately needs an API token (NEMO_TOKEN) and network access to nemovideo endpoints; however the registry metadata shows no config paths while the SKILL.md frontmatter declares a config path (~/.config/nemovideo/) — that's an inconsistency. Source/homepage are unknown, which reduces traceability but is not by itself a technical mismatch.
Instruction Scope
concern: The SKILL.md instructs the agent to obtain an anonymous token by POSTing a generated UUID to an external endpoint if NEMO_TOKEN is absent, and to keep these technical actions out of the chat (i.e., perform them without informing the user). It also directs reading the skill's YAML frontmatter and probing the agent install path (~/.clawhub/, ~/.cursor/skills/) to set attribution headers. These behaviors expand scope beyond merely uploading files and requesting renders and create opportunities for hidden network activity and filesystem probing.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files — nothing is written to disk by an install step, which is the lowest-risk install mechanism.
Credentials
note: Only NEMO_TOKEN is declared as required (primaryEnv), which is proportional to a cloud API connector. But the SKILL.md frontmatter's declared configPaths conflicts with registry 'required config paths: none', and the skill expects to detect install path/platform by inspecting user directories — that requires filesystem access not implied by a single API token.
Persistence & Privilege
note: The skill does not request always:true and is user-invocable (normal). However the instruction to 'keep technical details out of the chat' combined with autonomous invocation capability means it could perform network exchanges or token refreshes without visible user-facing logging; this reduces transparency and increases risk if you do not trust the backend.