Skill v1.0.0
ClawScan security
Image To Jpg Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 16, 2026, 5:59 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are consistent with its stated purpose (uploading images and calling a cloud rendering API); it asks only for a single token and has no install steps, but it will send user images to an external nemo video service and auto-create anonymous tokens if none are provided.
- Guidance: This skill sends images and session data to an external service (mega-api-prod.nemovideo.ai) to produce videos. Before installing: 1) Confirm you trust that external service and its privacy/TOS because your images will leave your device; avoid uploading sensitive images. 2) Understand the skill will auto-generate an anonymous token and open a network session if you don't provide NEMO_TOKEN, so it can start processing immediately. 3) If you prefer explicit consent, provide your own NEMO_TOKEN or decline to install. 4) Note the skill may check common install paths to set an attribution header — this is not accessing secrets but does probe the filesystem. If any of these behaviors are unacceptable, do not install or use the skill.
- Findings: [no-findings] expected: Regex scanner had no code to analyze because this is an instruction-only skill (SKILL.md). No other static findings were produced.
Review Dimensions
- Purpose & Capability
- ok: The skill's name and description match its behavior: it uploads images and requests rendering from a remote nemo video backend. The single required env var (NEMO_TOKEN) and the API endpoints in SKILL.md are directly related to that functionality.
- Instruction Scope
- note: Instructions tell the agent to connect to mega-api-prod.nemovideo.ai, obtain an anonymous token if NEMO_TOKEN is not set, create a session, upload files (multipart or URL), and poll render state/SSE streams. This is in-scope for image→video conversion, but the skill will automatically initiate network connections and may read file paths provided by the user for upload. It also specifies detecting an install path (~/.clawhub/, ~/.cursor/skills/) to set an attribution header — a minor scope creep (filesystem probe) but not obviously malicious. The SKILL.md asks the agent to keep tokens hidden from the user, and to store session_id for subsequent requests; storage location is unspecified.
- Install Mechanism
- ok: No install spec and no code files — instruction-only. Lowest-risk from an installation perspective because nothing is downloaded or written by an installer.
- Credentials
- note: The skill only declares one credential (NEMO_TOKEN) as primary, which is appropriate for a cloud API client. The metadata also lists a config path (~/.config/nemovideo/) even though SKILL.md does not require reading it — this is an extra declaration that may be unused. Overall the requested environment access is proportional.
- Persistence & Privilege
- ok: always is false, user-invocable is true, and the skill does not request persistent platform-wide privileges or modification of other skills. Autonomous invocation (default) is present but not combined with other concerning privileges.
