Skill v1.0.0

ClawScan security

Text To Video Chinese Ai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 26, 2026, 7:14 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior mostly matches a text→video service (it uses a nemo API and a NEMO_TOKEN), but there are inconsistencies and privacy/transparency issues (an undocumented config-path request in the SKILL.md frontmatter, automatic anonymous-token generation, and unclear storage of session tokens) that warrant caution before installing.
Guidance
This skill appears to implement a legitimate text→video workflow and only needs the service token (NEMO_TOKEN) to operate, but there are a few things to check before installing:
1) Clarify the config-path behavior: ask the publisher why the SKILL.md frontmatter references ~/.config/nemovideo/ and whether the skill will read or write files there; if you don't want local config read, deny that access.
2) Prefer to supply your own NEMO_TOKEN rather than allowing the skill to generate anonymous tokens automatically; anonymous-token creation means the skill will make outbound network calls without explicit user action.
3) Ask where session_id and tokens are stored and whether they persist across runs; persistent storage could expose credentials.
4) Because the skill hides raw API responses/tokens from the user, monitor network activity or audit logs if possible.
If the publisher cannot clearly explain the config-path and storage behavior, treat the skill as higher risk and avoid installing it on sensitive accounts or machines.

Review Dimensions

Purpose & Capability
Concern: The declared primary credential (NEMO_TOKEN) and the API endpoints in the instructions line up with a cloud text→video service; this is expected. However, the SKILL.md frontmatter includes a configPaths entry (~/.config/nemovideo/) while the registry metadata shown earlier did not declare any required config paths; that mismatch is unexplained and suggests the skill may attempt to read user config files that are not documented in the registry.
Instruction Scope
Concern: Runtime instructions direct the agent to (a) automatically connect on first use, (b) POST to the nemovideo API to obtain an anonymous token when NEMO_TOKEN is not present, (c) store a session_id for subsequent calls, and (d) suppress display of raw API responses/tokens to users. Those behaviors are plausible for this service, but the instructions do not state where session tokens are stored or whether the skill will read local config files, and the directive to hide raw token/response data reduces transparency for users.
Install Mechanism
OK: This is an instruction-only skill with no install spec and no bundled code. That minimizes disk-write and supply-chain risk.
Credentials
Concern: Requesting a single service token (NEMO_TOKEN) is proportional to the described functionality. However, the SKILL.md frontmatter's configPaths (~/.config/nemovideo/) would grant access to a user directory that could contain credentials or other data; this access is not declared in the registry metadata and has no justification in the prose, creating an inconsistency and privacy concern.
Persistence & Privilege
Note: The skill does not request 'always: true' and is not asking for elevated platform privileges. Still, it instructs the agent to 'store' the session_id and to create an anonymous token when no NEMO_TOKEN is present; the storage location/mechanism is unspecified. Combined with the unexplained configPath in the frontmatter, this creates uncertainty about whether the skill will write persistent data or read existing local credentials.
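The checks the guidance and the Purpose & Capability and Credentials dimensions describe (frontmatter configPaths not declared in the registry, anonymous-token generation, unspecified session_id storage, hidden raw responses) can be run mechanically before installing. The script below is an added example written for this review; it is not ClawHub's scanner, not the skill's own code, and the SKILL.md text and registry record it audits are constructed stand-ins, since the page does not reproduce the real ones. It assumes the frontmatter uses a `configPaths:` / `credentials:` list layout and that the registry record is a plain dict with the same keys; both are assumptions.

```python
"""Audit a SKILL.md frontmatter block and instructions against registry metadata.

Added example for this review; not ClawHub's scanner and not the skill's code.
The sample inputs below are constructed to mirror the findings on this page.
"""
import re
from dataclasses import dataclass, field

# Constructed SKILL.md: frontmatter layout is an assumption, not the real file.
SAMPLE_SKILL_MD = """---
name: text-to-video
version: 1.0.0
credentials:
  - NEMO_TOKEN
configPaths:
  - ~/.config/nemovideo/
---
# Text to video

On first use, connect automatically. If NEMO_TOKEN is not set, POST to the
API to obtain an anonymous token and store the session_id for later calls.
Do not display raw API responses or tokens to the user.
"""

# Constructed registry record: declares the token but no config paths,
# which is the mismatch the review flags.
SAMPLE_REGISTRY = {"credentials": ["NEMO_TOKEN"], "configPaths": []}

# Instruction patterns corresponding to the Instruction Scope concerns.
RISKY_PATTERNS = {
    "auto_connect": r"\bconnect automatically\b|\bautomatically connect\b",
    "anonymous_token": r"\banonymous token\b",
    "stores_session": r"\bstore\b.*\bsession_id\b",
    "hides_responses": r"\b(do not|don't|never) (display|show)\b.*\b(raw|token)",
}


def _as_list(value):
    """Normalise a frontmatter value (missing, scalar, or list) to a list."""
    if value is None or value == "":
        return []
    return value if isinstance(value, list) else [value]


def parse_frontmatter(text):
    """Split a '---' delimited frontmatter block from the body.

    Handles only scalar 'key: value' lines and '  - item' lists under a key;
    that subset is an assumption about the file layout.
    Returns (metadata dict, instruction body).
    """
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        return {}, text
    meta, key = {}, None
    for line in m.group(1).splitlines():
        if not line.strip():
            continue
        if line.startswith("  - ") and isinstance(meta.get(key), list):
            meta[key].append(line[4:].strip())
        elif ":" in line and not line.startswith(" "):
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            meta[key] = value if value else []   # empty value starts a list
    return meta, m.group(2)


@dataclass
class Findings:
    undeclared_config_paths: list = field(default_factory=list)
    undeclared_credentials: list = field(default_factory=list)
    instruction_flags: list = field(default_factory=list)

    @property
    def verdict(self):
        hits = (self.undeclared_config_paths or self.undeclared_credentials
                or self.instruction_flags)
        return "suspicious" if hits else "ok"


def audit_skill(skill_md, registry):
    """Compare frontmatter declarations with the registry and scan the body."""
    meta, body = parse_frontmatter(skill_md)
    f = Findings()
    declared_paths = set(_as_list(registry.get("configPaths")))
    declared_creds = set(_as_list(registry.get("credentials")))
    f.undeclared_config_paths = sorted(set(_as_list(meta.get("configPaths"))) - declared_paths)
    f.undeclared_credentials = sorted(set(_as_list(meta.get("credentials"))) - declared_creds)
    for name, pattern in RISKY_PATTERNS.items():
        if re.search(pattern, body, re.I):
            f.instruction_flags.append(name)
    return f


if __name__ == "__main__":
    result = audit_skill(SAMPLE_SKILL_MD, SAMPLE_REGISTRY)
    print("verdict:", result.verdict)
    print("config paths not in registry:", result.undeclared_config_paths)
    print("instruction flags:", result.instruction_flags)
```

Run against the constructed inputs, the audit reports `~/.config/nemovideo/` as a config path the registry never declared and flags all four instruction behaviours the review lists, which is enough to route the skill to manual review before it is granted file or network access. The pattern list is deliberately narrow; extend it with the phrasing your own registry's skills use rather than relying on these four regexes.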