Skill v1.0.0

ClawScan security

Image To Video In Firefly · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 5:07 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's declared purpose (convert images to video) lines up with the network calls it makes and the single credential it asks for, but metadata inconsistencies, an unknown upstream domain, and instructions that may read or write local config make the package worth extra scrutiny before installing it or using it with sensitive files.
Guidance
This skill appears to do what it says (upload images, create a session, and call nemovideo.ai endpoints), but exercise caution before using it with sensitive content or a high-privilege token. Points to consider before installing or using it:
1) Source and trust: the package has no homepage and an unknown owner; verify the nemovideo.ai domain and the service's reputation before sending it any images.
2) Image privacy: uploads go to an external cloud renderer; do not upload private or regulated images unless you accept that.
3) Token handling: the skill can obtain an anonymous NEMO_TOKEN for you; if you set NEMO_TOKEN yourself, make sure it grants no wider access than the skill needs.
4) Local files and config: the SKILL.md hints at reading and writing ~/.config/nemovideo/ and at detecting install paths; confirm you are comfortable with that filesystem access.
5) Operational controls: prefer invoking the skill manually rather than allowing autonomous runs, and monitor its network activity the first time it runs.
If you want higher assurance, request the upstream service documentation or a signed source/homepage before proceeding.

Review Dimensions

Purpose & Capability
note · The skill's name and description match its runtime instructions: it uploads images and calls a cloud render API. The single required credential (NEMO_TOKEN) is appropriate. However, the SKILL.md frontmatter advertises a config path (~/.config/nemovideo/) that is not listed in the registry metadata. That inconsistency suggests the skill expects to read and write local config even though the registry declared none.
Instruction Scope
note · Instructions stay within the image→video scope (create session, upload file, SSE stream, poll status, export). They explicitly describe uploading files from local paths and saving a session_id. They also include an anonymous-token flow that POSTs to an external API to obtain a token. Nothing in the SKILL.md instructs reading unrelated system secrets, but the implied use of a local config path and the detection of install paths (~/.clawhub, ~/.cursor) mean the agent may examine the filesystem to determine the X-Skill-Platform value or to persist session state; confirm that behavior is acceptable before use.
Install Mechanism
ok · Instruction-only skill (no install spec, no code files). This is the lowest-risk install mechanism: the registry writes nothing during the package install step. Runtime behavior will still make network calls and may read or write session data locally, as the instructions describe.
Credentials
note · Only NEMO_TOKEN is required as an env var, which is proportionate for a cloud-rendering API. The SKILL.md also documents a flow to obtain an anonymous token via POST when NEMO_TOKEN is not set. The only concern is the metadata inconsistency about configPaths (~/.config/nemovideo/): if the skill actually reads or writes that directory, its filesystem footprint extends beyond simply using the provided NEMO_TOKEN.
Persistence & Privilege
ok · The skill does not request always:true or other elevated privileges. It stores a session_id as part of normal operation, which is expected. Autonomous invocation is allowed (the platform default) but is not exceptional here.
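The configPaths inconsistency flagged under Purpose & Capability and Credentials, and the always:true check under Persistence & Privilege, are the kind of thing worth automating before you install any skill. The script below is an added example, not ClawHub's or the scanner's own tooling: it parses a SKILL.md frontmatter block, compares it with the registry metadata, and reports declarations that appear in one but not the other. The frontmatter layout (a `---` delimited header with `configPaths`, `env` and `platformPaths` keys), the registry JSON shape, and the sample manifest are assumptions constructed for this illustration; only `configPaths`, `NEMO_TOKEN`, `always:true` and the paths named in the review come from the page.

```python
"""Added example: cross-check a skill's SKILL.md frontmatter against the
registry metadata a scanner would see.  Not ClawHub tooling; the key names
env / platformPaths and the registry JSON shape are assumptions."""
import json
import re

# Constructed sample SKILL.md modelled on the inconsistency in the review:
# the frontmatter declares a config path the registry never listed.
SAMPLE_SKILL_MD = """---
name: image-to-video
env: [NEMO_TOKEN]
configPaths:
  - ~/.config/nemovideo/
platformPaths: [~/.clawhub, ~/.cursor]
---
# Image To Video
Upload an image, create a session, then stream status over SSE.
"""

# Constructed registry metadata: only the credential is declared (assumed shape).
SAMPLE_REGISTRY = json.dumps({
    "name": "image-to-video",
    "install": None,
    "env": ["NEMO_TOKEN"],
    "configPaths": [],
    "always": False,
})


def parse_frontmatter(text):
    """Parse the '---' delimited header into a dict of strings and lists.
    Handles scalars, inline [a, b] lists and block '- item' lists, which is
    enough for manifests of this shape; it is not a full YAML parser."""
    m = re.match(r"^---\n(.*?)\n---\n", text, re.S)
    if not m:
        return {}
    result, current = {}, None
    for line in m.group(1).splitlines():
        if not line.strip():
            continue
        if line.lstrip().startswith("- ") and current is not None:
            result[current].append(line.strip()[2:].strip())
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if value.startswith("[") and value.endswith("]"):
            result[key] = [v.strip() for v in value[1:-1].split(",") if v.strip()]
            current = None
        elif value == "":
            result[key] = []        # block list follows on the next lines
            current = key
        else:
            result[key] = value
            current = None
    return result


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit(skill_md, registry_json):
    """Return a list of findings: declarations present in SKILL.md but absent
    from the registry, home-directory paths the manifest names, and any
    always:true request on either side."""
    fm = parse_frontmatter(skill_md)
    reg = json.loads(registry_json)
    findings = []
    for key in ("env", "configPaths"):
        extra = sorted(set(_as_list(fm.get(key))) - set(_as_list(reg.get(key))))
        if extra:
            findings.append(f"{key} in SKILL.md but not in registry metadata: {extra}")
    home_paths = [p for p in _as_list(fm.get("configPaths")) + _as_list(fm.get("platformPaths"))
                  if p.startswith("~")]
    if home_paths:
        findings.append(f"manifest names home-directory paths: {home_paths}")
    if fm.get("always") == "true" or reg.get("always"):
        findings.append("skill requests always:true")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SKILL_MD, SAMPLE_REGISTRY):
        print("-", finding)
```

Run against the constructed sample, it reports the undeclared ~/.config/nemovideo/ path and the three home-directory paths, which is exactly the footprint the review asks you to confirm before installing. Swap in the real SKILL.md and registry record to check any other skill the same way.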