Skill v1.0.0
ClawScan security
Video Local · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 26, 2026, 6:27 PM)
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill advertises “local” editing but its instructions clearly upload files and use a remote API; metadata also inconsistently references a local config path and install-path detection, which could expose environment information — these mismatches warrant caution.
- Guidance: This skill claims to edit "local" videos but the runtime instructions upload your files to a remote API (mega-api-prod.nemovideo.ai) and may probe local paths (~/.clawhub/, ~/.cursor/skills/, ~/.config/nemovideo/) to set headers — so it is not offline/local-only. Before installing or using it: (1) assume your videos will be transmitted to the vendor's servers; do not send sensitive footage. (2) Ask the publisher how long uploads and derived data are retained, who operates the endpoint, and whether uploads are encrypted/isolated. (3) If you need true local-only editing, do not use this skill. (4) Consider testing with a non-sensitive short clip first and only provide a minimal-scoped token (or use the anonymous token flow) if you accept cloud processing. (5) Note the metadata inconsistency about config paths and ask the author to clarify why the skill needs to inspect local directories.
Review Dimensions
- Purpose & Capability (concern): The name/description emphasize "local" editing, but the SKILL.md describes uploading user video files to https://mega-api-prod.nemovideo.ai and doing all rendering server-side. That is a meaningful mismatch between user expectation (local-only) and actual behavior. Additionally, the SKILL.md metadata declares a required configPaths (~/.config/nemovideo/) and detection of install paths (~/.clawhub/, ~/.cursor/skills/), which are not reflected in the registry requirement summary — another inconsistency.
- Instruction Scope (concern): Runtime instructions tell the agent to: generate an anonymous token (POST /api/auth/anonymous-token), create sessions, upload local files via multipart POST (/api/upload-video/...), stream SSE (/run_sse), poll render status, and include many headers. They also instruct detecting local install paths to set X-Skill-Platform, which implies reading filesystem paths (~/.clawhub/, ~/.cursor/skills/) and potentially ~/.config/nemovideo/. These filesystem checks and uploads go beyond simple editing instructions and can reveal environment information and transmit user files to a third-party API — inconsistent with a strictly local editing claim.
- Install Mechanism (ok): Instruction-only skill with no install steps or downloaded code, so it does not write new binaries to disk or pull remote archives. This is the lowest install risk.
- Credentials (note): The skill requests a single credential (NEMO_TOKEN), which is appropriate for a hosted service. However, SKILL.md metadata also references a config path (~/.config/nemovideo/) and requires detecting installation directories; that expands the scope of data the agent may read beyond just one token and is not justified by the registry metadata inconsistency.
- Persistence & Privilege (ok): The skill does not request always:true and has no install-time hooks. It instructs saving session_id and using tokens for API calls, which is normal for session-based APIs and does not indicate elevated platform privileges or modifications to other skills.
