Skill v1.0.0

ClawScan security

Youtube To Video Ai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 10:55 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requirements and runtime instructions mostly match its stated purpose (uploading YouTube videos to a cloud render backend), but there are provenance and small metadata inconsistencies and it will transmit user video data and create/use anonymous tokens — you should review privacy and origin before installing.
Guidance
This skill appears to do what it says (upload your video to a 'nemovideo' cloud service and return a clipped MP4), but a few things to check before installing:

- Origin and trust: There is no homepage or author URL; the registry owner ID is present but the source is unknown. Try to verify the vendor/service (nemovideo.ai) and confirm it is legitimate before sending sensitive content.
- Privacy: Your uploads (videos) will be sent to a third-party API and stored/processed there. Do not upload private or sensitive videos unless you trust the service and its terms/privacy policy.
- Tokens: The skill will read NEMO_TOKEN from the environment or create an anonymous token automatically (the skill's instructions describe POSTing to an anonymous-token endpoint). Understand that an anonymous token grants processing access for a limited time; check rate/usage limits and what metadata the service collects.
- Metadata mismatch: The SKILL.md frontmatter lists a config path (~/.config/nemovideo/) that the registry's required-configs did not. Confirm whether the skill will read or write that directory; if it does, inspect its contents for anything you wouldn't want shared.
- Test safely: If you proceed, test with non-sensitive sample videos first. If possible, request the vendor's privacy/terms page or source code to increase confidence.

If you want, I can try to summarize exactly which API calls and headers the skill will use (so you can audit network behavior) or suggest safer alternatives for local-only clipping workflows.

Review Dimensions

Purpose & Capability
note: The skill name/description (convert YouTube videos into clips) aligns with the runtime instructions, which call a remote 'nemovideo' API and require a NEMO_TOKEN. That credential and the described endpoints are coherent with the stated purpose. However, the published registry metadata reported 'required config paths: none' while the SKILL.md frontmatter declares a configPaths entry (~/.config/nemovideo/), an inconsistency that is unexplained.
Instruction Scope
note: SKILL.md is clear about the flow: check for NEMO_TOKEN, obtain an anonymous token via the service if missing, create sessions, upload files or URLs, poll render status, and return download URLs. All file/network actions are directed to the stated backend. The notable runtime behavior is that user video files (or local file paths) will be uploaded to an external endpoint, which is expected for this capability but important for privacy. The instructions do not ask the agent to read arbitrary system secrets or unrelated files, but they do reference uploading local file paths and a config path in the frontmatter (mismatch with registry).
Install Mechanism
ok: No install spec and no code files; this is an instruction-only skill. This minimizes installation risk (nothing written to disk by the registry).
Credentials
note: Only a single credential is required (NEMO_TOKEN), which is proportional to a cloud API client. The skill will also obtain an anonymous token from the remote service if NEMO_TOKEN is absent. The frontmatter's configPaths entry (~/.config/nemovideo/) is declared in SKILL.md but not in the registry's 'required config paths'; this discrepancy should be resolved. If the skill actually needs to read that path, it raises additional scope and privacy considerations.
Persistence & Privilege
ok: The skill is not always-enabled and does not request system-wide privileges. It uses ephemeral session tokens and normal API calls. Autonomous invocation (model-driven use) is allowed by default but is not a unique red flag here.