ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Test Peandrover Account

v1.0.0

Generate video content directly from text descriptions and scripts using advanced AI video creation technology. This skill transforms your written prompts, s...

0· 67·0 current·0 all-time
by@nemovideonemo·duplicate of @nemovideonemo/text-to-video-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (text-to-video via NemoVideo) are internally consistent with a skill that calls an external video-generation API. However the skill lists no required credentials or configuration even though it explicitly says it connects to mega-api-prod.nemovideo.ai, which is uncommon for a 3rd-party API and reduces clarity about how it will operate.
!
Instruction Scope
SKILL.md is high-level and vague: it states 'works by connecting to the NemoVideo backend' but gives no API endpoints, auth method, or limits on what data is sent. That open-ended instruction could lead the agent to transmit user-provided scripts/prompts and other context to an unknown external host with no documented safeguards.
Install Mechanism
Instruction-only skill with no install spec or code files—low installation risk and nothing will be written to disk by an installer.
!
Credentials
The skill declares no required environment variables or primary credential but intends to call an external API. Typical remote APIs require API keys or tokens; the absence of any declared auth mechanism is disproportionate and ambiguous (could imply unauthenticated calls, interactive credential prompts, or implicit use of platform credentials).
Persistence & Privilege
always is false and there are no install actions or configuration changes described. The skill does not request persistent system privileges or to modify other skills.
What to consider before installing
This skill claims to send your text/scripts to the NemoVideo backend but provides no details on how or whether it authenticates. Before installing or using it, verify the provider and how API keys or data are handled: ask the publisher for API endpoint docs, required environment variables (API key/token), and a privacy/data-retention policy. Because the SKILL.md is vague, avoid submitting sensitive or proprietary scripts until you confirm the service and authentication method. If you cannot obtain credible documentation or a trusted publisher, treat the skill as risky and test only with non-sensitive inputs.

Like a lobster shell, security has layers — review code before you run it.

latestvk973f68k52d04a3d04rrkg0nvx83e6jb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis

Comments