Skill v1.0.0

ClawScan security

Free Text Maker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 29, 2026, 3:13 AM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (turn text into short videos) matches the APIs it calls and the single NEMO_TOKEN credential, but there are small inconsistencies (metadata vs SKILL.md), and the runtime instructions require uploading user content and reading install/config paths — review data exposure and the unknown service before use.
Guidance
What to consider before installing:
- Data exposure: This skill uploads text and files (up to 500MB) to mega-api-prod.nemovideo.ai. Don’t use it with confidential or regulated data unless you verify the vendor’s privacy/retention policy. Consider using throwaway or minimal-permission NEMO_TOKENs for testing.
- Credential handling: You can set your own NEMO_TOKEN or let the skill mint an anonymous token. Treat the token like an API key — don’t paste other secrets into the chat. Confirm what account the token maps to and its expiry/credits.
- Metadata inconsistency: SKILL.md mentions a config path (~/.config/nemovideo/) and that the agent will detect install paths to set X-Skill-Platform; the registry metadata did not list these. This implies the skill may read filesystem paths to determine platform — ask the author to clarify what local paths the skill will access and why.
- Unknown publisher and no homepage: There is no homepage or additional publisher information. If you need higher assurance, ask for a vendor site, documentation, or an official SDK repository to confirm ownership of the API endpoints.
- Minimal risk mitigations: Test with non-sensitive content first, use an account with limited permissions/credits, and request the vendor’s data retention and deletion policy. If you are uncomfortable with uploads to an unknown third party, do not install/use the skill.

If you want, I can draft questions to send to the skill author (or vendor) to clarify the config path usage, data retention, and what the NEMO_TOKEN scopes represent.
Findings
[no_regex_findings] expected: The repository contained only SKILL.md (instruction-only), so the regex-based scanner reported no findings. This is expected but means there is no static-code evidence to inspect; the runtime instructions are the primary security surface.

Review Dimensions

Purpose & Capability
note
The skill name/description (text→video) aligns with the single required credential NEMO_TOKEN and the documented API endpoints under mega-api-prod.nemovideo.ai. However, SKILL.md frontmatter lists a config path (~/.config/nemovideo/) and platform-detection rules that are not present in the registry-level metadata — an internal inconsistency. Also, the skill has no homepage or known publisher info, reducing the ability to verify the remote service.
Instruction Scope
concern
The SKILL.md instructs the agent to (a) use or mint a NEMO_TOKEN via an anonymous-token endpoint, (b) upload user files (up to 500MB) and send user text to the nemovideo.ai API, and (c) determine X-Skill-Platform by checking install paths. Uploading user files and text to a third-party cloud service is expected for this functionality, but it is a privacy/exfiltration risk: user content (including potentially sensitive material) will be sent off-host. The requirement to detect install paths implies filesystem reads beyond the skill file. The instructions otherwise stay within the stated purpose and do not request unrelated credentials.
Install Mechanism
ok
No install spec and no code files — instruction-only. This minimizes disk writes and arbitrary code installation. The scanner had nothing to analyze because behavior is defined in prose.
Credentials
note
Only a single credential (NEMO_TOKEN) is required, which is appropriate for a cloud video generation API. However, the SKILL.md frontmatter indicates a config path (~/.config/nemovideo/) and platform detection via install paths; if implemented, that would cause the agent to read local filesystem paths. That read access is not clearly justified in the registry metadata and increases the scope of what the skill can access.
Persistence & Privilege
ok
The skill is not 'always: true' and is user-invocable; it does not request elevated or persistent platform privileges in the provided files. No instructions to modify other skills or global agent settings are present.