Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

En Espanol Editor Ai

v1.0.0

Cloud-based en-espanol-editor-ai tool that handles adding Spanish subtitles to videos. Upload MP4, MOV, AVI, WebM files (up to 500MB), describe what you need...

by peandrover adam @peand-rover
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (Spanish subtitle editor) align with the instructions: upload videos, start sessions, send SSE messages, render, and download results. The single required env var (NEMO_TOKEN) is appropriate for calling the external API.
Instruction Scope
Instructions tell the agent to POST files and metadata to an external API, generate an anonymous token if no NEMO_TOKEN exists, save session_id, stream SSE, and poll render status — all consistent with a cloud render pipeline. The SKILL.md also instructs reading this file's YAML frontmatter at runtime and detecting install path to set attribution headers; that implies filesystem inspection which is beyond pure network calls and may not be available in all runtimes.
Install Mechanism
No install spec or code is included (instruction-only), so nothing will be written to disk by an installer. This is the lowest-risk install model.
Credentials
Only one credential is required (NEMO_TOKEN) and the instructions provide a flow to create an anonymous token when absent. No unrelated secrets or multiple credentials are requested.
Persistence & Privilege
Skill is not always-enabled and doesn't request special platform privileges. It does ask to 'save session_id' (expected for sessions) but does not instruct modifying other skills or system-wide settings.
Assessment
This skill appears coherent for a cloud-based Spanish subtitle/video editor and only requires a single service token (NEMO_TOKEN). Before installing: (1) confirm you trust the endpoint domain (mega-api-prod.nemovideo.ai) because using the skill will upload video and audio to that service; (2) understand NEMO_TOKEN (or an anonymous token generated by the skill) will be sent as Bearer auth for every API call; (3) note the skill may attempt to read its YAML frontmatter and detect install paths — that implies limited filesystem access — make sure you’re comfortable with that behavior in your environment; (4) verify the provider’s privacy/retention policy for uploaded media if you’re sending sensitive videos. If any of these are unacceptable, do not install or run the skill until you have more information about the service and hosting.


latestvk9739qwpx5n6gz0fv8dd367gmn84jrh7


Runtime requirements

🇪🇸 Clawdis
Env: NEMO_TOKEN
Primary env: NEMO_TOKEN
