ClawHub

Product Tutorial Video — Create Step-by-Step Software and App Tutorial Videos with Screen Recording and Narration

v1.0.1

Your product has 40 features. Your documentation covers all of them. Your users use 6 of them because the rest are too hard to discover without a tutorial. P...

0· 67·0 current·0 all-time
by@imo14reifey
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description describe producing annotated tutorial videos from uploaded screen recordings. Requesting a primary credential named NEMO_TOKEN and a config path under ~/.config/nemovideo/ is consistent with a hosted service or CLI client that needs authentication and configuration.
Instruction Scope
SKILL.md only instructs the agent to accept uploads, specify steps, and export annotated videos; it does not instruct reading unrelated system files or environment variables. However the document does not explicitly state how or where uploads are sent (no service domain or API endpoints), and it does not show how NEMO_TOKEN or the config path are used at runtime.
Install Mechanism
This is an instruction-only skill with no install spec or shipped code, so nothing will be written to disk by an installer. That lowers installation risk.
Credentials
Requesting a single service token (NEMO_TOKEN) and a service-specific config path is proportionate for a cloud video-processing service. That said, the registry metadata and SKILL.md are the only places declaring these; there is no homepage or source to validate the service. The config path could contain credentials or other sensitive data—reasonable for this purpose but worth validating.
Persistence & Privilege
always is false and the skill is user-invocable. The skill can be invoked autonomously (disable-model-invocation: false), which is the platform default; this combination is normal for a service integration and does not by itself indicate excessive privilege.
Assessment
Before installing: verify the service provenance (homepage, docs, or source repository) and confirm the host(s) that will receive uploaded recordings. Only provide a NEMO_TOKEN scoped to minimal necessary permissions and consider creating a dedicated account for testing. Inspect ~/.config/nemovideo/ (or ask the publisher what it stores) and avoid uploading sensitive or PII-containing recordings until you trust the service. Ask the publisher for their privacy/retention policy, encryption guarantees, and where exports are published (YouTube, help center, S3, etc.). If you proceed, test with non-sensitive dummy videos first and rotate or revoke the token if anything looks suspicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk976jr5pmxh1ny8g562cpeceas83xdkw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎓 Clawdis
Primary envNEMO_TOKEN

Comments