Skill v1.0.0

ClawScan security

ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 18, 2026, 12:10 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly matches a video-upload/rendering purpose, but there are inconsistencies and a few instructions that could allow unexpected local-file access or configuration reads — review before installing or authorizing tokens.
Guidance
This skill appears to do what it says (cloud video rendering) and only asks for a single API token, but there are a couple of things to check before installing: (1) Confirm why the skill claims access to ~/.config/nemovideo/ (the registry metadata doesn't list it) — that folder could contain other tokens or private data. (2) Prefer uploading video files through the chat attachment mechanism instead of providing local filesystem paths; the instructions show multipart uploads that reference local paths, which could allow the agent to read arbitrary files if given a path. (3) Verify you trust the endpoint domain (mega-api-prod.nemovideo.ai) before providing NEMO_TOKEN. If you need higher assurance, ask the skill author to remove the configPath requirement and to restrict upload instructions to user-provided attachments/URLs only.

Review Dimensions

Purpose & Capability (note)
Name/description align with cloud video rendering, and the only declared credential is NEMO_TOKEN, which is appropriate. However, the SKILL.md frontmatter requests a config path (~/.config/nemovideo/) that the registry metadata did not list; this mismatch is unexplained and deserves clarification (why would a simple render skill need that local config folder?).
Instruction Scope (concern)
The runtime instructions are fairly specific and limited to creating sessions, uploading files, sending SSE messages, polling export status, and returning download URLs — all coherent for a cloud render service. However, the doc explicitly shows multipart uploads using local filesystem paths (e.g., -F "files=@/path") and tells the agent to detect install paths to set X-Skill-Platform. Those items imply the agent may read arbitrary local file paths or probe install locations, which is broader than just handling user-supplied attachments and could enable exfiltration if misused.
Install Mechanism (ok)
Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded by the skill itself, which is the lowest-risk install model.
Credentials (note)
The skill declares a single primary credential (NEMO_TOKEN), which fits a third-party API. But the SKILL.md metadata requesting a config path (~/.config/nemovideo/) is inconsistent with the registry's reported required config paths (none). That configPath could expose locally stored secrets or configs; its presence should be justified or removed.
Persistence & Privilege (ok)
always:false and default autonomous invocation are set (normal). The skill does not request elevated or persistent platform privileges. There is no indication it will modify other skills or system settings.