Skill v1.0.0

ClawScan security

Video Low · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 4:33 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (cloud video compression) lines up with its instructions, but there are notable inconsistencies about required credentials and config paths and it will upload your media to an external service — verify before use.
Guidance
This skill appears to do what it says (upload your video to a cloud backend, compress on GPUs, and return a download link), but consider the following before installing or using it:

- Privacy: Your videos are uploaded to https://mega-api-prod.nemovideo.ai. If clips contain sensitive content, do not upload them until you verify the service's privacy/security practices.
- Credentials: The skill declares NEMO_TOKEN as required but will also generate an anonymous token if none is present — clarify whether you must provide a token (and what account/credits it uses). If you supply your own NEMO_TOKEN, the skill can act on your account/credits. Treat that token like a password.
- Metadata/headers: The skill constructs X-Skill-* attribution headers and may inspect install path metadata to populate them — that file/path detection is minor but is inconsistent with registry metadata and should be resolved.
- Test safely: Try with non-sensitive short clips first to confirm behavior, quotas, and that downloads work as documented.
- Verify origin: The skill has no homepage and the owner is an opaque ID. If you need stronger assurance, request the skill's source or a vendor privacy/security statement and confirm the API domain and endpoints are legitimate.

If you want me to, I can: (1) highlight the exact lines in SKILL.md that conflict with the registry metadata, (2) suggest a minimal set of questions to ask the skill author, or (3) draft a short test prompt and non-sensitive test clip workflow you can run safely.

Review Dimensions

Purpose & Capability
ok
Name/description match the runtime instructions: the skill routes uploads and render requests to a cloud video backend (nemovideo.ai). Requiring a NEMO_TOKEN and a session_id for cloud operations is expected for this purpose.
Instruction Scope
note
Instructions stay within the video-compression domain (create session, upload files, SSE for edits, export/poll for download). They also instruct the agent to check env for NEMO_TOKEN, or else obtain an anonymous token from the service; to add attribution headers derived from the file frontmatter and detect install path for X-Skill-Platform. These behaviors are relevant to the API but grant the skill the ability to: (a) contact an external service and upload user files, and (b) introspect install path metadata for headers. The instructions explicitly say not to expose tokens to users, but they do cause network activity and token acquisition on behalf of the user — that is expected for a cloud-based exporter but worth noting.
Install Mechanism
ok
Instruction-only skill with no install steps or downloads. No code files and no packages are installed by the skill itself, minimizing disk-write risk.
Credentials
concern
Registry metadata lists NEMO_TOKEN as required/primary, but the SKILL.md instructs the agent to obtain an anonymous NEMO_TOKEN if none is present. Additionally, the SKILL.md metadata lists a config path (~/.config/nemovideo/) while the registry metadata earlier reported no required config paths. These mismatches (declared required env vs. runtime fallback behavior, and inconsistent config path reporting) are incoherent and should be clarified. Functionally, the only secret used is NEMO_TOKEN; that is proportional to the claimed cloud service, but be aware that providing your own NEMO_TOKEN grants the skill bearer access to your account/credits.
Persistence & Privilege
ok
always:false and no install-time persistence. The skill keeps ephemeral session_id and tokens to operate, but it does not request elevated system privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.