Skill v1.0.0

ClawScan security

Browser Generator Cartoon · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 3:09 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (cloud cartoon video generation) matches the network APIs and the single required credential (NEMO_TOKEN), but the runtime instructions and frontmatter contain inconsistent/extra requests to read config/install paths and to auto-create/store tokens — behavior that is not strictly necessary and warrants caution.
Guidance
This skill mostly does what it says: it calls a nemo video backend and needs a NEMO_TOKEN. Before installing/using it you should: 1) be aware the skill will contact https://mega-api-prod.nemovideo.ai and may auto-generate/store an anonymous token if none is provided — if you prefer, set your own token rather than allowing auto-creation; 2) ask the maintainer why SKILL.md mentions ~/.config/nemovideo/ and why the agent must detect your install path (this requires reading parts of your filesystem) — if you don't want filesystem reads, decline or sandbox the skill; 3) avoid uploading sensitive or private videos to this service unless you accept the provider's privacy terms; and 4) if you need higher assurance, request the skill's source or an explicit statement about where tokens/session data are stored and how long they persist.

Review Dimensions

Purpose & Capability
note: The skill's name and description align with the APIs it calls (video render, upload, export). Requiring a single service token (NEMO_TOKEN) is appropriate for a cloud render service. However, the SKILL.md frontmatter includes a configPaths entry (~/.config/nemovideo/) even though the registry metadata listed none — this mismatch is unexplained.
Instruction Scope
concern: Instructions explicitly tell the agent to auto-request an anonymous token if NEMO_TOKEN is absent, store a session_id and token, and to derive attribution headers from the agent's install path (detect paths like ~/.clawhub/ or ~/.cursor/skills/). Reading the agent's install path or config directory (and storing tokens) means the agent will access the filesystem and persist credentials in memory or config — actions that are outside the bare minimum for 'generate a cartoon' and should be made explicit to users.
Install Mechanism
ok: No install spec and no code files — instruction-only skill. This is low-risk from an installation perspective since nothing is written to disk by an installer.
Credentials
note: Requesting NEMO_TOKEN as the primary credential is proportionate to a cloud-rendering service. However, the presence of a configPaths entry in the SKILL.md frontmatter (~/.config/nemovideo/) suggests additional file access that isn't justified or explained elsewhere; that increases the credential/file-access surface.
Persistence & Privilege
ok: The skill is not always:true and does not request elevated or persistent platform-wide privileges. It does instruct the agent to store session tokens for subsequent requests, which is reasonable for session-based APIs but not excessive on its face.