Skill v1.0.0

ClawScan security

Image To Video Midjourney · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 21, 2026, 11:14 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's runtime instructions broadly match its stated purpose (animating images via a Nemo cloud API) but there are internal inconsistencies and a small set of unexpected access requests that deserve scrutiny before installation.
Guidance
This skill appears to do what it says (upload images to a Nemo render API and return videos), but there are a few things to check before installing:
1) Source and trust: there is no homepage or known publisher; prefer skills from a verifiable source.
2) Token scope: only provide a NEMO_TOKEN that is limited in scope/permissions and not reused for other services; if unsure, let the skill obtain an anonymous starter token rather than sharing a long-lived secret.
3) Filesystem probing: the skill may inspect install paths (~/.clawhub/, ~/.cursor/skills/) and mentions ~/.config/nemovideo/ in its metadata. Ask the publisher why that config path is needed and insist it not read other user files.
4) Network endpoints: all traffic goes to mega-api-prod.nemovideo.ai; confirm this domain is legitimate for the service.
If you need higher assurance, ask for the skill's source code or a homepage and for the registry metadata to be corrected (the registry reported no config paths while the skill frontmatter declares one). Providing those details would raise confidence and could change this assessment to benign.

Review Dimensions

Purpose & Capability
Rating: note
Name/description align with using a cloud render API to convert still images to short videos. Requiring NEMO_TOKEN is appropriate for an API-backed service. However, the SKILL.md frontmatter declares a config path (~/.config/nemovideo/) and runtime behavior to detect the agent install path for attribution headers; these are not clearly necessary for the core animation function and mismatch the registry summary (which listed no config paths).
Instruction Scope
Rating: note
Instructions focus on the Nemo API flows (auth, session creation, upload, SSE, export) and on sending user images to the cloud, which is consistent. The skill also instructs the agent to: read this file's YAML frontmatter, detect the agent's install path (e.g., ~/.clawhub/, ~/.cursor/skills/) to set an X-Skill-Platform header, and potentially access ~/.config/nemovideo/. Reading its own frontmatter is benign; probing install paths and an extra config directory is additional filesystem access beyond the minimum needed to upload an image and call the API.
Install Mechanism
Rating: ok
No install spec or code files; instruction-only. This is lower-risk because nothing is downloaded or written to disk by the skill itself.
Credentials
Rating: concern
Only NEMO_TOKEN is declared and used as the primary credential, which is proportionate. But the frontmatter's configPaths entry (~/.config/nemovideo/) and the implied filesystem probing are unexpected and not explained. The skill also offers to obtain an anonymous token by POSTing to an external endpoint if NEMO_TOKEN is absent. Network token acquisition is reasonable, but users should be aware the skill will contact an external service and receive a bearer token to use on their behalf.
Persistence & Privilege
Rating: ok
always:false and no install hooks are present. The skill does not request persistent system-wide privileges or to modify other skills. Autonomous invocation is enabled (default) but not combined with other high-risk flags.