Skill v1.0.0

ClawScan security

Editor Ab2n 0330 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 3:46 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (remote AI video editing) matches the network calls and token usage, but there are small inconsistencies and behavior (auto-provisioning tokens, implicit config-path use, and metadata mismatch) that merit caution before installing or using with sensitive content.
Guidance
This skill appears to do what it says (remote AI video editing) and will upload your raw video to mega-api-prod.nemovideo.ai for processing. Before installing or using it:
- Be aware that uploads go to a third-party server; do not send sensitive or private video content unless you trust that service and its privacy policy.
- The skill will try to use a NEMO_TOKEN if present, but will also automatically obtain an anonymous token from the backend if none is provided — so it can operate without you providing credentials.
- The SKILL.md mentions a config path (~/.config/nemovideo/) that is not listed in the external registry metadata; ask the publisher which local files (if any) the skill will read or write before allowing access.
- If you need assurances, request the vendor/homepage, a privacy policy, or an allowlist of exactly what HTTP endpoints and local paths will be accessed.
Given the metadata inconsistencies and automatic token provisioning, proceed with caution; treat uploads as public to the service unless you confirm otherwise.

Review Dimensions

Purpose & Capability
ok · Name/description (polished video edits) align with the runtime instructions: the SKILL.md describes uploading video, SSE-based editing, and cloud rendering via the nemovideo.ai API. Requiring an API token for a remote editing backend is reasonable.
Instruction Scope
note · Instructions instruct the agent to call external endpoints (mega-api-prod.nemovideo.ai) for auth, session creation, uploads, SSE, and rendering — all consistent with a remote editing service. The skill also instructs detecting the install path to set X-Skill-Platform and to hide raw API responses/tokens from users; this implies the agent will read certain local paths and hold tokens/sessions in memory. That behavior is explainable for attribution and session management but expands scope beyond pure text processing (file I/O and local path detection).
Install Mechanism
ok · Instruction-only skill (no install spec, no code files) — lowest install risk. All runtime operations are HTTP requests; nothing is downloaded or written by an installer step as part of skill installation.
Credentials
concern · Registry lists NEMO_TOKEN as the primary credential, which is proportionate to the declared purpose, but SKILL.md also includes metadata claiming a config path (~/.config/nemovideo/) while the registry metadata (above) lists no required config paths — an inconsistency. The skill will also auto-request an anonymous token if NEMO_TOKEN is not present, meaning it can obtain credentials from the backend itself. Automatic token acquisition is not inherently malicious, but you should know it allows the skill to operate without an explicit user-provided key; it will also store session_id for subsequent requests.
Persistence & Privilege
ok · The skill is not always-enabled and does not request system-wide privileges. It indicates storing session IDs for use during a session but does not instruct modifying other skills or global agent configuration. Autonomous invocation is enabled (default), but this is normal for skills and not alone a red flag.