Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Text To Video Gemini
v1.0.0
generate text prompts into AI generated videos with this skill. Works with TXT, DOCX, PDF, plain text files up to 500MB. content creators use it for generati...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: it connects to a NemoVideo cloud backend, creates sessions, uploads user files, streams SSE, and returns download URLs. Requested credential (NEMO_TOKEN) is appropriate. However, the SKILL.md metadata references a config path (~/.config/nemovideo/) while the registry metadata listed no required config paths — this mismatch is unexplained and worth clarifying.
Instruction Scope
Runtime instructions direct the agent to call https://mega-api-prod.nemovideo.ai endpoints (auth, session, upload, render, credits, state) and to POST multipart files or URLs you provide. It also instructs deriving an X-Skill-Platform header by probing install paths (e.g., ~/.clawhub), which requires inspecting local paths and thus leaks which platform/layout you use. The skill will auto-request an anonymous token if NEMO_TOKEN is absent. It does not instruct reading arbitrary system files beyond these behaviors, but file uploads and install-path detection are privacy-relevant.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing will be written to disk by an installer step. Lowest install risk from this angle.
Credentials
Only one environment credential is declared (NEMO_TOKEN), which is proportional for a cloud service. The skill will also obtain an anonymous token from the service if none is provided. The aforementioned inconsistency about a required config path (~/.config/nemovideo/) raises a question about whether the skill expects or will create on-disk config (and whether tokens might be persisted).
Persistence & Privilege
always:false and normal autonomous invocation settings. There is no claim to modify other skills or system-wide settings. The primary privilege is network access to the external API and the ability to upload files you provide.
What to consider before installing
- Domain & provenance: the skill talks to mega-api-prod.nemovideo.ai but has no homepage/source listed; verify the service/operator and privacy/terms before sending content.
- Token behavior: the skill uses NEMO_TOKEN and will auto-request an anonymous token if none is present. Ask whether that anonymous token or any token is persisted to disk (e.g., in ~/.config/nemovideo/) before you install. Prefer ephemeral tokens if possible.
- File uploads: any file you give will be uploaded to the remote service. Do not upload sensitive documents, secrets, or private videos unless you trust the service and its retention policy.
- Install-path probing: the skill derives an X-Skill-Platform header by checking install paths. This leaks which agent/installation layout you use; if you dislike this fingerprinting, ask for it to be removed or sandbox the skill.
- Clarify the config-path mismatch: registry metadata said no config paths required but SKILL.md lists ~/.config/nemovideo/. Ask the author which is correct and whether anything will be written there.
- If you need higher assurance, request the skill's source or a privacy/security statement, run it only when explicitly invoked, and avoid granting broad persistent tokens until you confirm token storage/rotation policies.

Like a lobster shell, security has layers — review code before you run it.
latest: vk971mr6c0stb8cg5c76dg16w0n84w6sj
Runtime requirements
🎬 Clawdis
Env: NEMO_TOKEN
Primary env: NEMO_TOKEN
