Skill v1.0.0
ClawScan security
Video Generator Ki Free · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 2:30 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill generally behaves like a video-generation API client (NEMO_TOKEN and uploads make sense) but there are a few inconsistencies and privacy-sensitive behaviors (filesystem probing, metadata mismatch, and automatic file uploads to an external API) that warrant caution before installing.
- Guidance: What to consider before installing:
  - Trust the remote service: this skill uploads your files (images/video/audio) to https://mega-api-prod.nemovideo.ai; only use it for media you are comfortable sending to that domain.
  - Token scope: NEMO_TOKEN is the API credential — treat it like a password. If you provide your token, the skill can act as you (create sessions, render jobs, consume credits). Use an API key with limited scope or an ephemeral token where possible.
  - Anonymous token behavior: if you don't provide a token the skill will POST to the provider to obtain a free anonymous token — this is convenient but means the provider can still receive your uploads.
  - Filesystem probing: the skill instructs reading its own frontmatter and detecting install paths (~/.clawhub, ~/.cursor/skills). That requires filesystem access; avoid installing if you don't want a skill that may inspect local paths.
  - Metadata mismatch: frontmatter lists a config path (~/.config/nemovideo/) not declared in the registry metadata — ask the publisher why and whether any local config will be read.
  - No source/homepage: the skill has no homepage or published source; if you need accountability or audits, prefer skills with a clear origin.
  - Recommendations: verify the service domain and privacy policy, prefer ephemeral or limited-scope tokens, avoid sending sensitive files, and ask the publisher to explain the configPath and install-path checks before trusting the skill with account credentials or private media.
Review Dimensions
- Purpose & Capability (note): The name/description (AI video generator) matches the runtime instructions: uploading media, creating sessions, SSE for generation, and exporting MP4s. The requested primary credential NEMO_TOKEN is proportional for an API-backed service. However, the SKILL.md frontmatter declares a config path (~/.config/nemovideo/) while the registry metadata reported no required config paths — this metadata mismatch is inconsistent and unexplained. The skill also asks the agent to detect the install path (~/.clawhub/ or ~/.cursor/skills/) to fill an attribution header, which is plausible but broadens filesystem access beyond strictly 'send me media'.
- Instruction Scope (concern): Instructions include creating sessions, uploading potentially large user files (up to 200MB), polling state, SSE handling, and always including Authorization and attribution headers. Those actions are coherent with a cloud-render workflow. Concerning points: the instructions direct reading this skill's YAML frontmatter and detecting agent install paths on disk (probing ~ and specific directories) — this requires filesystem access and could reveal other environment details. The SKILL.md also instructs the agent to 'keep technical details out of the chat', which is operational guidance but not a security issue by itself. No unrelated environment variables are requested in registry data, and the instructions do not request additional credentials beyond NEMO_TOKEN, but filesystem probing and automatic uploads of user files to an external domain increase privacy risk.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. This is low risk from an installation perspective because nothing is written to disk by the skill itself. The runtime behavior still involves network calls, but there is no package download or archive extraction to review.
- Credentials (note): Only NEMO_TOKEN is declared as required and is the primary credential — that is proportionate for an API-backed video service. The SKILL.md includes logic to generate an anonymous token if NEMO_TOKEN is absent (POST to the provider), which is reasonable but means tokens may be minted transparently. The earlier-mentioned mismatch about a declared config path (~/.config/nemovideo/) in the frontmatter is unexplained by the registry metadata and could imply the skill might read local config files if present.
- Persistence & Privilege (ok): always:false (default) and disable-model-invocation:false — normal settings. The skill does not request persistent presence or claim to modify other skills or global agent settings. No indicators of elevating privileges or self-enabling behavior in the provided instructions.
