ClawHub

Construction Safety Video

v1.0.0

Your construction company had zero lost-time incidents last year, runs mandatory weekly toolbox talks, and has a safety officer who has updated every procedu...

0· 29·0 current·0 all-time
by@siddylcon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description describe generating construction safety training videos. The SKILL.md shows a single external API call to a video-generation service (nemovideo) using NEMO_TOKEN, which matches the claimed purpose. Minor concerns: the package has no homepage or publisher info (source: unknown), which reduces transparency.
Instruction Scope
Runtime instructions are limited and explicit: a curl POST to https://mega-api-prod.nemovideo.ai/api/v1/generate with Authorization: Bearer $NEMO_TOKEN. The instructions do not reference unrelated files, other env vars, or system paths in the actionable curl example.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is written to disk by the skill package itself (lowest install risk).
Credentials
Only NEMO_TOKEN is required (declared as primaryEnv), which is proportionate for an external API. One inconsistency: SKILL.md metadata references a config path (~/.config/nemovideo/) while the registry requirements listed no config paths. Confirm whether the skill expects a local config directory in addition to the token.
Persistence & Privilege
always is false and the skill does not request persistent system privileges. Agent autonomous invocation is allowed (default) but not combined with other elevated privileges.
Assessment
This skill is coherent with its stated purpose: it sends your input to an external NemoVideo API using a single NEMO_TOKEN. Before installing, confirm the identity and reputation of the nemo service (no homepage or publisher is provided), ensure the NEMO_TOKEN is scoped/minimal and rotatable, and avoid sending sensitive personal data or credentials through the skill. Also verify whether the skill expects a local config directory (~/.config/nemovideo/) as SKILL.md metadata suggests — if so, check what files would be stored there and who can access them. If you proceed, monitor API usage and rotate the token if you see unexpected calls.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bdcrg41nsmkt2v9f4e2rkmd849ty5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦺 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments