Skill v1.0.0
ClawScan security
Seedance Alternative · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 8, 2026, 4:33 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared need for a single NEMO_TOKEN matches its video-generation purpose, but inconsistencies in the manifest and instructions plus undisclosed filesystem checks and automatic anonymous-token acquisition raise privacy and provenance concerns.
- Guidance: This skill appears to be what it claims (an interface to a remote video-generation API) but has some unexplained behaviors you should consider before installing:
  - Provenance: the skill has no homepage or source repository listed. Prefer skills backed by a known project or vendor. Ask the author for a source URL and privacy/security docs.
  - Token handling: you can provide a NEMO_TOKEN or the skill will fetch an anonymous token for you. Only supply a full NEMO_TOKEN if you trust the service; otherwise let it use the anonymous flow. Verify what that token can do (scope, expiry) with the service owner.
  - Data exfiltration risk: the skill will send user prompts, scripts, and uploaded files to mega-api-prod.nemovideo.ai. Don't upload passwords, private keys, medical data, or other sensitive information. Assume uploaded media and prompts are sent to and processed/stored by the external service.
  - Local file/config access: SKILL.md mentions reading ~/.config/nemovideo/ and detecting install paths; the registry metadata did not declare those config paths. Ask the maintainer whether the skill will read those files and what it may contain. If you are on a shared or sensitive machine, verify that no unintended local secrets will be read and transmitted.
  - Request evidence: ask for the skill's source code, a link to the API provider, and a privacy/terms statement. If you can't get that, treat the skill as untrusted and avoid giving it high-sensitivity content or permanent credentials.
Review Dimensions
- Purpose & Capability (note): The skill is described as an AI video-generation frontend and only requests a NEMO_TOKEN credential, which is proportionate for a remote video API. However, the SKILL.md frontmatter declares a config path (~/.config/nemovideo/) and runtime logic to detect install paths (e.g., ~/.clawhub/, ~/.cursor/skills/); these filesystem access checks are not reflected in the top-level registry 'requirements' (which listed no config paths). That mismatch is unexplained.
- Instruction Scope (concern): The runtime instructions direct the agent to: (a) use NEMO_TOKEN if present, otherwise request an anonymous token from https://mega-api-prod.nemovideo.ai, (b) create sessions and send user content (including file uploads) to that external API, and (c) detect install/platform by probing local install paths. Probing install paths and the declared config directory are out-of-band for a simple 'describe and generate' flow and could result in reading local configuration or metadata not described elsewhere. The instructions also tell the agent to keep technical details out of chat (a terse instruction that could obscure what is sent).
- Install Mechanism (ok): No install spec or code files are present; this is instruction-only, which minimizes on-disk installation risk. Network calls are performed at runtime per the SKILL.md rather than by installing third-party code.
- Credentials (note): Only a single environment variable (NEMO_TOKEN) is declared as required, which fits the stated API use. But the SKILL.md also declares a config path (~/.config/nemovideo/) and runtime detection of install paths; these imply the skill may read local config files or tokens that were not declared in the registry metadata. That divergence should be clarified before trusting the skill with other local credentials or sensitive files.
- Persistence & Privilege (ok): The skill is not always-on and uses normal autonomous invocation. It does not request system-wide changes or declare persistent privileges. No install-time persistence is described.
