Skillv1.0.0

ClawScan security

Image To Video Local Model · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 15, 2026, 6:56 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill claims a 'local model' but its runtime instructions clearly send images and jobs to a cloud service and automatically obtain/store tokens; this mismatch plus hidden-token behavior and minor metadata inconsistencies warrant caution.
Guidance: This skill will send images and jobs to https://mega-api-prod.nemovideo.ai and will create or use a NEMO_TOKEN for cloud rendering — despite calling itself a 'local model'. Before installing: 1) Don't assume processing is local; treat uploads as leaving your device and avoid sending sensitive images. 2) Verify the API domain and service reputation; consider creating/managing the token yourself rather than letting the skill auto-generate and store it. 3) Ask the developer or vendor how long uploads and rendered videos are retained and whether they are used for training. 4) Note the skill instructs the agent to hide raw API responses and tokens from the user—this reduces transparency. 5) If you require true on-device (offline) processing, do not install; if you proceed, test with non-sensitive images and limit the token's scope/credentials. Lastly, request clarification about the config path mentioned in the frontmatter (~/.config/nemovideo/) since registry metadata lists no required config paths.

Review Dimensions

Purpose & Capability: concernThe skill's name/display text suggests a 'local model', but every runtime action targets mega-api-prod.nemovideo.ai and cloud GPUs — so the advertised purpose (local processing) does not match the actual capability (cloud rendering). The YAML frontmatter also lists a config path (~/.config/nemovideo/) even though the registry metadata reported none, an internal inconsistency.
Instruction Scope: concernInstructions direct the agent to upload user images and job data to external endpoints, create and store session tokens, and automatically obtain an anonymous NEMO_TOKEN if none exists. The SKILL.md tells the agent not to display raw API responses or token values to the user, which reduces transparency. It also instructs building attribution headers that require detecting install paths (reading filesystem install path), so the agent may access local paths to populate X-Skill-Platform.
Install Mechanism: okNo install spec and no code files — this is instruction-only, so nothing is written to disk by an installer. That lowers supply-chain risk relative to an arbitrary download/install.
Credentials: concernOnly one env var (NEMO_TOKEN) is declared, which is appropriate for a cloud API. However, the skill's runtime instructs the agent to automatically POST to obtain an anonymous token and store it if NEMO_TOKEN isn't set; combined with the instruction to hide token values from the user, this raises proportionality/transparency concerns. The frontmatter's mention of a config path (~/.config/nemovideo/) is another unexpected access target.
Persistence & Privilege: noteThe skill does not request 'always: true' and only asks to store a session_id and token for the session lifecycle. Autonomous invocation is allowed (platform default). Consider that autonomous skills plus stored tokens increase blast radius if the skill is compromised, but this skill does not request elevated persistent privileges beyond that.