Skill v1.0.0

ClawScan security

Video Game Maker Free Online · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 21, 2026, 5:39 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (make videos from images) matches most of its instructions, but there are a few inconsistencies and privacy/operational concerns (automatic token creation/storage, implicit filesystem probing via install-path detection, and mismatched metadata about config paths) that you should understand before installing.
Guidance
This skill appears to do what it claims (cloud video rendering) but it will automatically request or create an API token and keep session state. Before installing:
1) Confirm you are comfortable with the skill making outbound requests to mega-api-prod.nemovideo.ai and creating/storing tokens on your machine; ask where tokens/session IDs are saved and how to delete them.
2) Ask the publisher to clarify the config path behavior (does it read/write ~/.config/nemovideo/?) and to make token storage explicit (file path, permissions).
3) If you want tighter privacy, require explicit user consent before generating tokens or probing local install paths for the X-Skill-Platform header.
Findings
[no_regex_findings] expected: The static regex scanner found no code because this is an instruction-only skill (SKILL.md). That absence is expected, but it means the runtime instructions in SKILL.md are the primary security surface.

Review Dimensions

Purpose & Capability
note: The skill claims to convert images into trailers and requires a single credential (NEMO_TOKEN), which is proportionate. However, the SKILL.md frontmatter includes a configPaths entry (~/.config/nemovideo/) while the registry metadata lists no required config paths; this mismatch is unexplained and suggests the skill expects to read or write a local config directory even though the top-level registry doesn't declare it.
Instruction Scope
concern: Runtime instructions tell the agent to: automatically connect to a remote backend, POST to an anonymous-token endpoint to obtain a token, create sessions, upload user files, stream SSE, and set attribution headers derived from local install paths. Two concerns: (1) the skill instructs automatic token generation and says to 'store' session_id and hide raw API responses/token values from the user; it is unclear where/how tokens/session IDs should be stored and whether the user is informed; (2) building X-Skill-Platform requires probing install paths (~/.clawhub/, ~/.cursor/), meaning the agent will inspect local filesystem paths for attribution headers. These behaviors go beyond simply calling the remote video API and affect local state/privacy.
Install Mechanism
ok: Instruction-only skill with no install steps or code files. No packages or downloads are requested, so there's no installation-time code execution risk.
Credentials
note: Only one env var (NEMO_TOKEN) is declared as required, which matches the described API usage. However, the instructions include generating an anonymous token when NEMO_TOKEN is absent and storing session/token values (location unspecified), and the SKILL.md frontmatter lists a config path (~/.config/nemovideo/). The combination of generating credentials, silently storing them, and probing the filesystem is disproportionate unless the skill documents where credentials are saved and how users can revoke them.
Persistence & Privilege
ok: The skill does not request 'always: true' or other elevated persistent privileges. Autonomous invocation is allowed (default) but not combined with other high-risk properties in the manifest. There is no explicit instruction to modify other skills or global agent configs.