ClawHub

Donor Stewardship Video

v1.0.0

Nonprofits that send personalized thank-you and impact videos to donors retain 45% more of their donor base year over year than organizations sending only wr...

0· 28·0 current·0 all-time
by@imo14reifey
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description describe a donor-focused video-generation service. Requesting a single API credential named NEMO_TOKEN and a Nemovideo config path is coherent with a third-party video API being used to create/export personalized videos.
Instruction Scope
The SKILL.md is high-level and does not provide concrete, bounded runtime steps — it simply says 'Upload your impact data and donor information' and 'Donor Stewardship Video creates...' without specifying endpoints, how uploads occur, or how the agent should handle local donor files. That vagueness gives the agent broad discretion and lacks privacy/retention guidance.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by an installer, which lowers immediate installation risk.
Credentials
Only one credential (NEMO_TOKEN) is required, which is proportionate for an API-backed service. However the metadata also lists a config path (~/.config/nemovideo/) that could allow the skill to read local configuration or cached credentials — the SKILL.md does not explain why the config path is needed or what will be read from it.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated or permanent platform privileges and there is no install behavior that modifies other skills or global agent settings.
Assessment
This skill appears to be a wrapper for a third‑party video service and its single required variable (NEMO_TOKEN) is reasonable for that purpose, but before installing: 1) confirm what endpoint(s) donor data is uploaded to and review that service's privacy/security policy (encryption, retention, access controls); 2) ask whether the skill will read ~/.config/nemovideo/ or any local files and why; 3) avoid supplying a high‑privilege token — use a scoped/test token if possible; and 4) don't provide real donor PII until you verify data handling and storage. If the vendor or SKILL.md can provide concrete upload steps, endpoint URLs, and a data-processing statement, that would raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ats1zmfesbbqhqpsayp5cd848tcz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎁 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments