Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Talking Avatar Video
v1.0.1
Create talking avatar videos using AI — generate realistic digital presenters that speak your script with natural lip sync, facial expressions, and body lang...
by peandrover (adam@peand-rover)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Confidence: medium
Purpose & Capability
The skill's name, description, and SKILL.md consistently describe calling an external NemoVideo API to generate avatar videos, which justifies a single API token (NEMO_TOKEN). Minor inconsistency: requires.env is empty in metadata while primaryEnv is set to NEMO_TOKEN — the skill clearly expects a token but the manifest omitted it from the explicit env list. Metadata also lists a config path (~/.config/nemovideo/) even though the instructions never tell the agent to read local files; that discrepancy should be clarified.
Instruction Scope
Runtime instructions are instruction-only and show curl POST examples to an external endpoint (mega-api-prod.nemovideo.ai) using Authorization: Bearer $NEMO_TOKEN — this matches the stated purpose. The SKILL.md does not instruct reading arbitrary local files or other unrelated env vars. However, the skill explicitly supports dynamic personalization (inserting customer names, thousands of variants), which means the agent will send potentially sensitive personal data to an external service — a privacy concern that goes beyond pure functionality. Also the SKILL.md was flagged for unicode-control-chars (see scan findings), which may indicate hidden characters embedded to influence parsing/behavior.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only and does not write code or binaries to disk. This is the lowest-risk install mechanism.
Credentials
The only credential the skill uses is NEMO_TOKEN (primary credential), which is proportionate for an external API. Caveats: the manifest's required env list is empty while primaryEnv is set — a manifest bookkeeping issue. The listed config path (~/.config/nemovideo/) could indicate the skill expects to read or write local config (not shown in the instructions); ask the maintainer what is stored there and why. Confirm the token's scope (is it limited to video generation or does it grant broader account access?).
Persistence & Privilege
always is false and there is no installation step that modifies other skills or system-wide settings. The skill can be invoked autonomously by the agent (disable-model-invocation: false) which is normal for skills but increases blast radius if the token granted is broad — verify token scope before enabling autonomous invocation.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters that could be used to hide or reorder content for humans vs models. This is not expected for a straightforward API-integration skill. It may be benign (formatting artifacts) but could also be an attempt to influence model parsing or conceal instructions; request a clean, control-character-free copy or inspect the raw file before trusting.
What to consider before installing
This skill appears to do what it claims (call NemoVideo's API with a bearer token), but take these precautions before installing:
1) Verify the exact permissions and scope of the NEMO_TOKEN; prefer a token limited to video generation with no broader account management.
2) Confirm why the metadata lists ~/.config/nemovideo/ and whether local files will be read or written; don't provide sensitive local config unless you understand it.
3) Be aware that personalized workflows (inserting customer names, PII, voice likenesses) will transmit that data to NemoVideo's servers; check their privacy policy and retention, and whether you need consent.
4) Ask the publisher for a clean SKILL.md (control characters removed) and, if possible, an audited code sample or repository release to inspect.
5) Test first with non-sensitive dummy data and an ephemeral or limited-scope token.
If any of the above are unanswered or the token has broad privileges, treat the integration as higher risk and avoid enabling autonomous invocation until mitigations are in place.
Runtime requirements
Clawdis
Primary env: NEMO_TOKEN
