Skill v1.0.0
ClawScan security
Text To Video Creator Free · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 5:11 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared token requirement and API calls match a text→video service, but metadata and runtime instructions contain inconsistent/unclear requests to read local config/install paths that could expose local secrets. Ask for clarification before installing or providing credentials.
- Guidance: This skill mostly behaves like a front-end for nemo-video cloud APIs, and asking for NEMO_TOKEN is expected. Before installing or using it, verify the following: (1) Confirm why SKILL.md metadata lists ~/.config/nemovideo/ and install-path detection; ask the author whether the skill will read local config directories and what it will look for. (2) Do not provide sensitive or long-lived credentials unless you trust the source; if possible use an ephemeral/anonymous token or a limited-scope token. (3) Avoid uploading local files you don't want sent to a third-party cloud. (4) Because the package has no homepage or published source, request the source code or a privacy/security policy from the publisher; lack of a trusted origin raises risk. If the author confirms the config-path entry is unused or limited to reading only the skill's own frontmatter, the skill is more coherent; if it reads arbitrary ~/.config/* files, treat it as unsafe.
Review Dimensions
- Purpose & Capability (note): The skill's name and description (text→video) align with the runtime actions: it calls a nemo-video backend, creates sessions, uploads files, and renders MP4s. Requesting a NEMO_TOKEN as the primary credential is coherent. However, the YAML frontmatter inside SKILL.md declares a config path (~/.config/nemovideo/) and install-path detection that is not reflected in the registry metadata (registry reported no required config paths). This mismatch is unexplained and worth asking about.
- Instruction Scope (note): Most instructions are scoped to the nemo video API endpoints (session creation, SSE, upload, render, credits). It accepts local file uploads (multipart @/path), which is expected for a video tool. Concerning parts: it instructs the agent to read the skill's YAML frontmatter at runtime and to detect an install path (checking ~/.clawhub/ or ~/.cursor/skills/), and SKILL.md metadata mentions reading ~/.config/nemovideo/. Those operations involve inspecting local filesystem paths and could surface other local config or tokens if implemented broadly.
- Install Mechanism (ok): No install spec or code files are present (instruction-only). This minimizes direct code installation or arbitrary third-party downloads.
- Credentials (concern): The only declared required env var is NEMO_TOKEN, which is appropriate. But SKILL.md's frontmatter also lists a config path (~/.config/nemovideo/) in its 'requires' metadata, while the registry lists no required config paths, which is an inconsistency. If the runtime implementation actually reads that config directory, it could access other tokens or local config unexpectedly. The anonymous-token fallback flow is documented (POST to the API), which is reasonable, but granting any long-lived token should be done cautiously.
- Persistence & Privilege (ok): The skill does not request always:true and does not declare persistence or system-wide modification. It appears to operate per-session against a cloud API; autonomous invocation is allowed (platform default) but not otherwise privileged.
