ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Free To Video Ai

v1.0.0

convert text or images into generated video clips with this free-to-video-ai skill. Works with MP4, MOV, JPG, PNG files up to 200MB. content creators use it...

0· 41·0 current·0 all-time
by@francemichaell-15
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: all API endpoints, upload, session, SSE, export, and credits flows are for nemovideo.ai. The single required env var (NEMO_TOKEN) is appropriate for authenticating to that service.
Instruction Scope
SKILL.md only instructs interaction with the nemovideo API (auth, session, upload, render, state, credits, SSE). It does not instruct reading unrelated system files or sending data to other endpoints. It tells the agent not to print tokens/raw JSON.
Install Mechanism
Instruction-only skill with no install spec or downloaded code — lowest-risk execution surface. No archive downloads or third-party installs are requested.
Credentials
Only NEMO_TOKEN is declared as required and is appropriate. The frontmatter metadata also lists a config path (~/.config/nemovideo/) which could imply the skill may look for local NemoVideo client config; this is plausible but optional — confirm whether the skill will read that directory or rely solely on the env var.
Persistence & Privilege
Skill is not always-enabled and is user-invocable; it does not request system-wide changes or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.
Assessment
This skill appears coherent: it talks to the nemovideo.ai API, authenticates with NEMO_TOKEN (or obtains a short-lived anonymous token), and uploads user media for remote rendering. Before installing, consider: 1) Anything you send (text, images, audio, or video files) will be uploaded to a third-party service — do not upload sensitive or private data. 2) Provide only a Nemo-specific token (NEMO_TOKEN); avoid putting broad cloud credentials in that env var. 3) The frontmatter references ~/.config/nemovideo/ — ask the author whether the skill will read that folder locally (useful for local tokens) or not; grant file access only if you trust the service. 4) Because the skill runs remotely, check NemoVideo's privacy/terms if you care about retention, reuse, or training. If you want extra caution, use the anonymous-token flow or a limited-scope token rather than a long-lived credential.

Like a lobster shell, security has layers — review code before you run it.

latestvk972nx3v60fcpk6dzakhgrnb8n84mp56

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments