Skill v1.0.0
ClawScan security
Unified Video Lyrics Free · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 19, 2026, 1:26 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly fits its stated purpose (overlaying lyrics on videos) and only asks for a single token, but its runtime instructions reference hidden token acquisition/storage, local config paths not declared in the registry, and guidance to hide API responses — these inconsistencies warrant caution before installing.
- Guidance: what to consider before installing:
  - The skill will call an external API (mega-api-prod.nemovideo.ai), upload video files, and use a bearer token (NEMO_TOKEN). Only provide this token if you trust that domain and its privacy/security practices.
  - The SKILL.md instructs automatic anonymous token acquisition and storing of session tokens; ask where tokens/session IDs will be stored, and whether they will persist on disk or be accessible to other apps. If you prefer, set NEMO_TOKEN yourself rather than letting the skill create one.
  - The instructions explicitly tell the agent not to show raw API responses or token values — consider this a red flag for hidden data flows and request that the skill surface important information (e.g., when it uploads or when export URLs are ready).
  - There is an inconsistency: the skill's frontmatter references a local config path (~/.config/nemovideo/) and checks install paths (~/.clawhub/, ~/.cursor/skills/), but those were not declared in the registry metadata. Confirm whether the skill will read/write these paths and why.
  - Be cautious about sensitive videos or private content: files will be uploaded to an external service. If the content is sensitive, avoid using this skill or verify the provider's data retention policy.
  - If you proceed, monitor network activity during first runs and consider limiting the skill's permissions (e.g., do not supply a long-lived token, or supply it only temporarily). Ask the skill author to clarify storage, retention, and visibility of tokens and uploaded files.
- Findings:
  - [regex-scan:no-findings] expected: The scanner found no code files to analyze; this is expected because the skill is instruction-only (SKILL.md). Absence of findings is not evidence of safety — the runtime instructions are the primary surface to review.
Review Dimensions
- Purpose & Capability: ok. The skill's name/description (create lyrics-overlaid videos) aligns with the network API calls and the single required credential (NEMO_TOKEN). The endpoints and actions described (upload, render, export, credits) are consistent with a cloud video-processing service.
- Instruction Scope: concern. The SKILL.md instructs the agent to automatically obtain an anonymous token if NEMO_TOKEN is not set, create sessions, store session_id, and perform uploads and exports to an external API. It also tells the agent not to display raw API responses or token values to the user — a directive that could hide sensitive data flows. The instructions reference local paths (uploading files using multipart '@ /path' and install-path detection), which could cause uploads of user files if triggered; the skill does not specify secure storage locations or explicit consent for token creation/storage.
- Install Mechanism: ok. There is no install spec and no code files — this is instruction-only, which reduces direct file-system/write risk. No external binaries or downloads are requested.
- Credentials: concern. The registry metadata lists only NEMO_TOKEN (reasonable for a remote service). However, the SKILL.md frontmatter declares a config path (~/.config/nemovideo/) and the instructions examine install paths (~/.clawhub/, ~/.cursor/skills/) to derive headers. Those filesystem checks were not reflected in the registry 'required config paths' field — an incoherence. The skill also asks the agent to generate and store tokens/sessions without specifying where or how (which can lead to unexpected credential persistence).
- Persistence & Privilege: note. always:false and no requests to modify other skills — good. The skill can be invoked autonomously (default), which, combined with its ability to create tokens, upload files, and call external endpoints, increases blast radius but is not itself an unusual privilege for an integration skill.
