Skill v1.0.0

ClawScan security

Youtube Audio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 5:51 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely behaves like a cloud video-processing frontend (requiring a NEMO_TOKEN and uploading media to mega-api-prod.nemovideo.ai), but there are inconsistencies and scope-creep compared with its name/registry metadata that you should understand before installing.
Guidance
What to consider before installing:
- This skill uploads videos (up to 500MB) to an external service (mega-api-prod.nemovideo.ai). Do not send sensitive or private content unless you trust that service and have reviewed its privacy/retention policy.
- The skill will send your NEMO_TOKEN as an Authorization bearer token on every API call. Only provide a token you control and trust; if you have a long-lived token in your environment, it will be used.
- If no token is present, the skill will obtain an anonymous token automatically by POSTing to the service (it generates a UUID client id). That gives temporary credentials to the remote service — again, consider whether you want automated credential creation.
- There is a mismatch between the registry metadata (no config paths) and the SKILL.md frontmatter (~/.config/nemovideo/). Ask the publisher which is correct if you care about local config exposure.
- The skill's name implies 'audio extraction' but the instructions implement a broader video-edit/render workflow (edits, overlays, SSE streams). If you only need lightweight local audio extraction, a local tool (ffmpeg) would avoid uploading your files.
- If you proceed, test with a non-sensitive sample file first to confirm behavior, headers sent, and that outputs meet expectations.

If you want, I can: (a) extract the exact API calls and headers this skill will send for a sample request, or (b) suggest a purely local alternative using ffmpeg so nothing leaves your machine.

Review Dimensions

Purpose & Capability
Concern: The name/description emphasize extracting audio from YouTube videos, but the runtime instructions describe a full cloud video render/edit pipeline (tracks, overlays, SSE-driven edits, exports, GPU nodes, 1080p MP4 output). That is broader than a simple 'audio extractor' and may request uploading whole videos. Also, the SKILL.md frontmatter lists a config path (~/.config/nemovideo/) while the registry metadata listed none — an inconsistency about what local config it expects.
Instruction Scope
Note: The instructions are detailed and bounded to the nemo backend API (session creation, upload, SSE, polling, export). They instruct the agent to POST to an anonymous-token endpoint if no NEMO_TOKEN is present (generate a UUID, exchange it for a short-lived token) and to include skill attribution headers. They also ask the agent to detect an install path to set X-Skill-Platform and to read the file's YAML frontmatter for X-Skill-Version. These filesystem checks and automatic token acquisition are reasonable for a cloud service integration but expand the agent's actions beyond simple local processing (network uploads, filesystem reads).
Install Mechanism
OK: Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written by an installer step according to the provided metadata.
Credentials
Note: Only one env var is required: NEMO_TOKEN (declared as primary). That is proportional for a hosted service. Caveats: the skill will use the token as a Bearer credential on every request to mega-api-prod.nemovideo.ai, and the SKILL.md also indicates an anonymous-token flow that creates a token client-side if none is present. The earlier registry summary claimed no config paths but the SKILL.md frontmatter lists ~/.config/nemovideo/, which is inconsistent and worth confirming.
Persistence & Privilege
OK: always:false and model-invocation not disabled (normal). The skill does not request persistent/always-on privileges or changes to other skills. It does instruct reading certain local paths to detect platform attribution, which is limited in scope.