Skill v1.0.0

ClawScan security

Ai Video Generator For Marketing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 26, 2026, 2:16 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (cloud video generation) mostly matches its instructions, but there are metadata/instruction inconsistencies (required config path vs registry, required env var vs fallback anonymous-token flow) and the skill instructs the agent to obtain and use runtime tokens from an external API — things you should review before installing.
Guidance
What to check before installing:
- The domain the skill calls is https://mega-api-prod.nemovideo.ai — verify you trust this service (privacy, data retention, where uploaded media goes).
- Metadata mismatch: the registry says no required config paths, but SKILL.md frontmatter mentions ~/.config/nemovideo/. Ask the publisher whether the skill will read/write that path (token cache or logs).
- Credential flow: the skill declares NEMO_TOKEN as required, but also describes obtaining an anonymous token via an API if none is present. Ask whether the skill will persist that anonymous token anywhere and whether it will reuse it across sessions. If you prefer to supply your own token, confirm that it will be used instead of anonymous tokens.
- Network access: the skill depends on external network calls and uploads your media to a third-party backend. If your media is sensitive, do not use this skill without confirming the provider's terms and storage practices.
- Attribution headers: the skill will attempt to detect its install path to set X-Skill-Platform headers. Confirm whether the skill needs filesystem access for that detection and whether that could expose local data.
If any answers are missing or you don't trust the endpoint/provider, treat this as risky and do not install. If you proceed, prefer supplying your own NEMO_TOKEN and ask the publisher to correct metadata inconsistencies and document token persistence explicitly.

Review Dimensions

Purpose & Capability
note: Name and description match the runtime instructions (cloud-rendering of videos via nemo backend). Requesting a NEMO_TOKEN and using the nemovideo API is coherent with a video-generation service. However, the SKILL.md metadata lists a config path (~/.config/nemovideo/) while the registry metadata earlier indicated no required config paths — this mismatch should be resolved.
Instruction Scope
note: Instructions are mostly scoped to uploading media, creating sessions, SSE streaming, polling render status, and exporting results. They do instruct the agent to check the environment for NEMO_TOKEN and, if missing, to POST to an anonymous-token endpoint to obtain a token — which effectively causes credential acquisition at runtime. The skill also tells the agent to read the skill's frontmatter and to detect its install path for an X-Skill-Platform header (this requires some filesystem awareness). There are no instructions to read unrelated secrets or user files, but the token-fetch and install-path detection are noteworthy.
Install Mechanism
ok: Instruction-only skill with no install spec or code to download — low install risk. Nothing is written to disk by an install step in the package metadata.
Credentials
concern: Registry metadata declares NEMO_TOKEN as the required primary credential, which is appropriate for a nemo API integration. But SKILL.md provides a fallback anonymous-token acquisition flow if NEMO_TOKEN is absent, and the frontmatter mentions a config path (~/.config/nemovideo/). The presence of both a 'required env var' and a runtime token-acquisition path is inconsistent and unclear: will the skill use a user-provided token, create a short-lived anonymous token, or persist tokens into a config directory? The skill does instruct not to expose tokens in messages, but it's not explicit whether tokens are persisted to disk or only held in memory.
Persistence & Privilege
ok: The skill does not request 'always:true' and does not ask to modify other skills or system-wide settings. It appears to rely on runtime session tokens and session IDs rather than demanding long-term elevated privileges.