Skill v1.0.0

ClawScan security

Ai Image Online · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 19, 2026, 3:21 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (convert images/prompts to short videos) matches the API calls it describes, but there are a few inconsistencies and scope questions (install-path detection, config-path metadata) that warrant caution before installing.
Guidance
This skill appears to do what it says (talk to a cloud video-rendering API), but there are a few things to confirm before installing:
1) Verify you trust the external host (mega-api-prod.nemovideo.ai / nemovideo.ai), because the skill will send your images and prompts to that service.
2) Ask the skill author to clarify why the agent should detect install paths and whether the skill will read/write files under ~/.config/nemovideo/ or other local paths; if not needed, remove those steps.
3) Understand how the anonymous NEMO_TOKEN is handled (is it stored persistently anywhere?).
4) If you must protect privacy, avoid giving the agent sensitive images or restrict the skill's network access until you can review the source code or a trustworthy homepage.
If the author cannot justify the install-path / config-path behavior, treat that as a red flag and do not install.

Review Dimensions

Purpose & Capability
ok
The skill's name and description align with its runtime instructions: it talks to a cloud rendering backend (nemovideo) to upload images, run edits via SSE, and export MP4s. Requiring NEMO_TOKEN as the primary credential is consistent with a cloud API integration.
Instruction Scope
concern
Instructions include network calls to mega-api-prod.nemovideo.ai, anonymous-token issuance if NEMO_TOKEN is absent, SSE handling, and upload/export flows — all expected. However, the instructions also tell the agent to detect the skill install path to build X-Skill-Platform headers (checking paths like ~/.clawhub/ or ~/.cursor/skills/), which requires reading agent filesystem state outside the service domain and isn't necessary for core functionality. The SKILL.md also includes a configPaths entry (~/.config/nemovideo/) in its frontmatter, which suggests the skill may expect or access local config files; this is not reflected in the registry metadata and should be clarified.
Install Mechanism
ok
No install spec or code files are present (instruction-only), so nothing is written to disk by an installer. This lowers risk compared to packaged installs.
Credentials
note
Only a single credential (NEMO_TOKEN) is required, which is proportionate for a cloud API. Still, the skill's frontmatter references a config path (~/.config/nemovideo/) and the runtime asks the agent to detect install paths — both introduce potential local-file access that was not declared in the registry requirements and should be justified.
Persistence & Privilege
ok
The always field is false and there is no install-time persistence spec. The skill keeps an in-session session_id and may request anonymous tokens (which expire) but does not declare writing persistent tokens to disk. Autonomous invocation (the normal default) combined with network access increases blast radius, but that is standard and not by itself a reason to block.