Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Easy Avatar Video
v1.0.0 · Cloud-based easy-avatar-video tool that handles creating spokesperson videos without filming real people. Upload TXT, DOCX, PDF, MP3 files (up to 200MB), des...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)

Purpose & Capability
The name/description (avatar video generation) aligns with the runtime instructions which call a nemovideo.ai rendering API and accept uploads. The skill declares NEMO_TOKEN as the primary credential which is consistent with a cloud API. However, the SKILL.md frontmatter requests a config path (~/.config/nemovideo/) while the registry metadata at the top listed no required config paths — this mismatch is incoherent and should be clarified.
Instruction Scope
The SKILL.md gives detailed runtime steps: use NEMO_TOKEN if present, otherwise obtain an anonymous token via POST to https://mega-api-prod.nemovideo.ai, create sessions, post SSE messages, upload user files, and poll renders. Those actions match the stated purpose, but the file contains a detected prompt-injection pattern (unicode-control-chars). The instructions also require the agent to 'auto-detect' an install path for X-Skill-Platform and to include attribution headers that must match the frontmatter — these add extra system probing (reading install path/frontmatter) and risk accidental leakage. The doc explicitly tells the agent not to print tokens, but it does not specify secure storage for tokens/session IDs.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing will be written to disk by an installer. This is the lowest install risk.
Credentials
Only one required environment variable (NEMO_TOKEN) is declared, which is proportionate to a cloud API integration. However, there is an inconsistency: the registry summary says no required config paths, while the SKILL.md frontmatter lists ~/.config/nemovideo/ as a required config path. That suggests the skill may expect to read files from that directory (credentials/config) which increases sensitivity. The anonymous-token flow is provided as a fallback, which is preferable to requiring a long-lived token, but the skill does not explain secure handling of tokens.
Persistence & Privilege
The skill is not forced-always and does not declare system-wide persistence. It asks to persist a session_id (typical for remote APIs), but it does not ask to modify other skills or system settings. Default autonomous invocation is allowed (normal), so if you enable the skill it could be invoked without explicit user action; weigh that together with its credential use if you are concerned.
Scan Findings in Context
[unicode-control-chars] unexpected: The scanner found unicode control characters (a common prompt-injection pattern). This is not necessary for an API-integration skill and could indicate an attempt to manipulate parsers or evaluations. Recommend reviewing the raw SKILL.md for hidden/control characters and ensuring the content has not been tampered with.
What to consider before installing
This skill mostly does what it says (remote avatar video rendering) and only requests one API token, but there are a few red flags you should check before installing:
(1) Verify the skill source and owner — no homepage or known publisher is provided.
(2) Confirm the domain (mega-api-prod.nemovideo.ai) is legitimate for the service you intend to use.
(3) Prefer using the anonymous-token flow for ephemeral tokens rather than placing a long-lived NEMO_TOKEN in your environment.
(4) Inspect and confirm why ~/.config/nemovideo/ is needed (registry metadata vs frontmatter mismatch). Don't give broad or long-lived credentials unless you trust the service.
(5) Review the SKILL.md for invisible/control characters (the scanner flagged unicode-control-chars).
(6) Test with non-sensitive/dummy data first and monitor outbound requests and logs.
If you are unsure about the token scope or where session tokens are stored, do not install or share real credentials until the developer clarifies these points.
Runtime requirements
Clawdis
Env: NEMO_TOKEN
Primary env: NEMO_TOKEN
