Skill v1.0.0
ClawScan security
Fanqie Ai Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 18, 2026, 9:50 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior mostly matches a remote AI video-editing service, but there are metadata/instruction inconsistencies and a few runtime actions (automatic token creation, storage, and install-path auto-detection) that the user should be aware of before installing.
- Guidance: This skill appears to be a frontend for a remote AI video-editing API and will upload videos to mega-api-prod.nemovideo.ai and hold short-lived tokens/sessions. Before installing: (1) confirm you trust the remote domain and its privacy/terms — any uploaded videos go to their servers; (2) ask the author to fix metadata mismatches (registry claims no config path and required NEMO_TOKEN, while SKILL.md lists ~/.config/nemovideo/ and provides an anonymous-token flow); (3) decide whether you're comfortable the skill will create and store anonymous tokens (7-day) and may read install-path info to set an attribution header; (4) avoid uploading sensitive content until you verify the service; (5) if you want to limit exposure, set a dedicated NEMO_TOKEN tied to a disposable account or require manual token entry rather than allowing automatic anonymous-token creation. If you want higher assurance, request the skill author to clarify where tokens/session_ids are stored and to align registry metadata with SKILL.md.
Review Dimensions
- Purpose & Capability
- note: The described purpose (remote AI video editing, uploads, rendering, and downloads) aligns with the API endpoints and flows in SKILL.md. However, registry metadata and the skill frontmatter disagree: the registry lists no config paths while the SKILL.md frontmatter requires ~/.config/nemovideo/. Also the registry marks NEMO_TOKEN as required but the instructions include an anonymous-token acquisition flow when NEMO_TOKEN is absent. These mismatches are incoherent and worth clarifying.
- Instruction Scope
- note: Instructions explicitly tell the agent to upload user video files and URLs, create sessions, stream SSE messages, poll render endpoints, and store a session_id. Those actions are expected for a video-editing integration. Points to watch: (1) the skill auto-generates an anonymous token by POSTing to an external API if NEMO_TOKEN is not set, (2) it instructs the agent to 'auto-detect' platform from the install path for an attribution header (this implies reading agent/install path metadata), and (3) it says keep tokens hidden but still store them for reuse — storage location is not fully specified. None of these are inherently malicious but they extend the agent's filesystem/network access in ways the registry metadata doesn't fully describe.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and no code files, so it does not write or install binaries on disk. That reduces install-time risk.
- Credentials
- note: The only declared credential is NEMO_TOKEN (primaryEnv). That is proportionate for a remote service. However, the registry marks it as required while SKILL.md provides an anonymous-token flow when it's absent — a mismatch. The frontmatter also references a config path (~/.config/nemovideo/) which the registry omitted; if the agent will write session tokens or IDs into that path, the registry should have declared it. No unrelated credentials are requested.
- Persistence & Privilege
- note: always:false (no forced global presence). The skill instructs storing session_id and possibly tokens (7-day anonymous tokens) for reuse, and frontmatter suggests a config directory. Storing its own session state is normal, but the registry should have declared the config path if persistent storage is used. Autonomous invocation is allowed (default), which increases impact if the skill is later given broad permissions — this is expected but worth noting.
