Skill v1.0.0
ClawScan security
Image To Video No Ai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 16, 2026, 6:13 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are consistent with its stated purpose (upload images and request remote rendering); it asks only for a service token and describes calling that service's API to create videos.
- Guidance: This skill will upload any images you send to the external domain https://mega-api-prod.nemovideo.ai and use an API token (NEMO_TOKEN) to create a session and render videos. If you don't provide a token, the skill will call the service's anonymous-token endpoint to obtain one and store the returned token/session for subsequent requests. Before installing or using it, consider: (1) Are you comfortable with your images being sent to that third-party service? (2) Verify the service/domain is legitimate and read its privacy/retention policy for uploaded media. (3) If you prefer not to persist a long-lived token, supply an ephemeral token or clear stored credentials after use. (4) Note the small metadata mismatch (config path listed in the skill YAML but not in registry); this appears to be a bookkeeping inconsistency, not a functional red flag. If you need absolute offline guarantees, do not install or use this skill because its whole function is remote rendering.
Review Dimensions
- Purpose & Capability (ok): The skill is an instruction-only adapter for a remote image→video rendering service. Requesting NEMO_TOKEN (the API token) fits the described behavior. Minor inconsistency: the SKILL.md frontmatter names a config path (~/.config/nemovideo/) while the registry metadata reports no required config paths; this is likely a bookkeeping mismatch but does not change capability alignment.
- Instruction Scope (note): The instructions stay within the stated purpose: obtain/validate a token, create a session, upload images, drive edits via SSE, poll for export and return download URLs. They do instruct generating an anonymous token automatically if NEMO_TOKEN is not present and storing session_id/token for subsequent calls. The doc also mentions deriving an attribution header from the agent's install path (checking ~/.clawhub/ or ~/.cursor/skills/), which implies the agent may inspect its runtime/install path; this is a small scope expansion but understandable for attribution. No instructions read unrelated system files or request unrelated credentials.
- Install Mechanism (ok): There is no install spec and no code files; the skill is instruction-only, so nothing is written to disk by an installer. This is the lowest-risk install model.
- Credentials (ok): Only one environment credential is declared (NEMO_TOKEN) and is necessary to authenticate to the described API. The skill can generate an anonymous token if none is present; no other secrets or unrelated env vars are requested.
- Persistence & Privilege (ok): The skill is not marked always:true and does not request elevated privileges or modify other skills. It asks to store a session_id/token for use during the session, which is expected for a remote service client. Autonomous invocation is allowed but that is the platform default and not in itself unusual here.
