Skill v1.0.0

ClawScan security

In One Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 4:31 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what its name says (cloud video merging) and only needs a NEMO_TOKEN, but there are small inconsistencies and privacy-relevant instructions (install-path detection, frontmatter/configPath mismatch, anonymous-token creation) that merit caution before installing.
Guidance
This skill appears to do what it says (upload clips to nemo backend and return a merged video) and needs a single credential (NEMO_TOKEN). Before installing, consider:
1) Privacy: the skill may read your agent's install path and the skill file frontmatter to populate X-Skill-Platform and X-Skill-Version headers — this can reveal local path information (usernames or environment details).
2) Token handling: if you don't supply NEMO_TOKEN the skill will request an anonymous token from https://mega-api-prod.nemovideo.ai (external network call) and use it for uploads; ask whether that temporary token will be stored persistently.
3) Metadata inconsistency: SKILL.md frontmatter references a config path (~/.config/nemovideo/) that the registry didn't list — clarify whether the skill will read or write that directory.
4) Data exposure: you will be uploading video/audio files to an external cloud service — confirm the service's privacy policy and retention practices before sending sensitive content.
If you want to proceed, prefer explicitly providing an account token (not relying on anonymous token creation), and ask the skill author to remove or document install-path detection and any persistent storage of tokens or files.

Review Dimensions

Purpose & Capability
note: The skill's name and description align with the runtime instructions: it uploads user videos to a nemo video backend, creates sessions, and returns rendered MP4s. Asking for a single NEMO_TOKEN is reasonable. However, the SKILL.md asks the agent to detect the local install path (to fill X-Skill-Platform) and to read the YAML frontmatter version — both require reading local state/paths that are not strictly required to perform video merging and could leak local environment details. Also the SKILL.md metadata lists a configPaths entry (~/.config/nemovideo/) while the registry top-level metadata reported no required config paths, which is an internal inconsistency.
Instruction Scope
note: All explicit instructions are about obtaining/using NEMO_TOKEN, creating sessions, uploading files, reading SSE, polling export status, and returning download URLs — which is within scope. The skill instructs generating an anonymous token from mega-api-prod.nemovideo.ai if no NEMO_TOKEN exists (network call), and to include attribution headers derived from local install path and frontmatter. These instructions require: (a) outbound network calls to a third-party API (expected for cloud rendering), and (b) reading local paths/metadata to build headers (privacy-sensitive). The skill does not instruct reading arbitrary other files, but the install-path detection and frontmatter reading are broader than strictly necessary.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files — lowest-risk install surface. There is no package download or archive extraction.
Credentials
concern: Only NEMO_TOKEN is declared as required, which is proportionate. However: (1) the SKILL.md metadata also lists a configPaths entry (~/.config/nemovideo/) that wasn't declared in the registry's top-level requirements — this mismatch is concerning and unclear; (2) the skill will generate an anonymous token by POSTing to an external endpoint if NEMO_TOKEN is absent (the agent will receive a temporary token with credits and expiry); (3) the requirement to infer X-Skill-Platform from local install paths can expose local filesystem layout or usernames. These behaviors are not necessarily malicious but are privacy-relevant and should be visible/explicit to users/administrators.
Persistence & Privilege
ok: The skill does not request 'always: true' and is not force-included. It instructs keeping session_id in memory for operations but doesn't direct permanent changes to other skills or system-wide settings. The SKILL.md does not explicitly instruct writing tokens to disk, though an implementation might; confirm whether tokens are stored persistently before installing.