Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sales Enablement Video — AI Video Tool for Sales Playbooks, Rep Coaching, Battlecards, and Revenue Team Training
v1.0.0Teams that use video for sales enablement close 34% faster than teams relying on PDF playbooks alone. Teams with video-based objection handling libraries see...
⭐ 0· 42·0 current·0 all-time
bypeandrover adam@peand-rover
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's description and SKILL.md consistently describe a video production / enablement workflow, which fits the name. However the registry metadata declares a primaryEnv (NEMO_TOKEN) and a config path (~/.config/nemovideo/) while the SKILL.md does not explain any external service, API, or token usage. That mismatch is unexpected: either the token/config are required but undocumented, or they are unnecessary metadata; both are problematic.
Instruction Scope
The SKILL.md asks users to provide call recordings, win/loss notes, product docs and other materials (reasonable for a video-content creation flow). The instructions do not tell the agent to read system files, environment variables, or to upload data to any specific external endpoint. Because the metadata hints at a service token and config path, it's unclear whether the agent would silently attempt to use local config or a remote API — the instructions should explicitly state any automated file/access/upload behavior.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes disk-write and install risk. The absence of an install step is appropriate for a documentation-only integration.
Credentials
The registry metadata sets primaryEnv to NEMO_TOKEN and lists a config path (~/.config/nemovideo/), but required.env is empty and SKILL.md never references a token. Requesting a service token and a user config path without explanation is disproportionate and ambiguous: the token could grant access to external storage/processing of sensitive call recordings or other data. The presence of credentials-like names (NEMO_TOKEN) without justification is a red flag.
Persistence & Privilege
The skill is not always-enabled and has no install step that modifies other skills or global agent configuration. It does not request permanent presence beyond the normal skill registration model.
What to consider before installing
This skill's description of video enablement is coherent, but there are unexplained metadata entries (a primaryEnv = NEMO_TOKEN and a config path ~/.config/nemovideo/) that the SKILL.md never mentions. Before installing or providing any credentials: 1) Ask the publisher what NEMO_TOKEN is, which service it authenticates to, exactly how it's used, and whether a token is mandatory. 2) Ask where uploaded materials (call recordings, docs) are sent, how long they're stored, and whether they're encrypted/retained or shared with third parties. 3) Verify the skill's source and request a homepage or API docs — the registry metadata shows no homepage and the source is unknown, which increases risk. 4) If you must test, avoid giving real, high-privilege credentials — use a limited-scope token or sandbox account and check the contents of ~/.config/nemovideo/ (or deny filesystem access) first. 5) Prefer skills with explicit instructions about external endpoints and data handling; if the author cannot justify the token or config path, treat the skill as unsafe to use with sensitive recordings or production credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk97fh8cfz8yjydnaxa3ys7ck3s83x3wa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📊 Clawdis
Primary envNEMO_TOKEN