Skill v1.0.0

ClawScan security

To Your Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 18, 2026, 4:40 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (cloud AI video editing) matches most of its instructions, but the declared metadata is inconsistent, and the runtime instructions direct the agent to read local install paths, to generate, store and reuse tokens, and to upload user videos to a third-party service. Each of these deserves clarification before use.
Guidance
Before installing or invoking this skill, consider the following:
- Privacy: The skill uploads whatever video you give it to https://mega-api-prod.nemovideo.ai for server-side rendering. If your videos contain sensitive or private content, do not use this skill unless you trust that remote service and its retention policy.
- Token handling: The skill uses a NEMO_TOKEN and can generate an anonymous token by calling the vendor API. Ask the author whether that token is held only in memory or written to disk, and if so where. If you prefer to control credentials, set NEMO_TOKEN yourself rather than letting the agent auto-generate one.
- Local filesystem access: The SKILL.md instructs the agent to check local install paths (e.g., ~/.clawhub/, ~/.cursor/skills/) to populate an attribution header. This is unrelated to editing and leaks information about your environment; ask the author to remove or justify this behavior.
- Metadata mismatch: The registry metadata and the SKILL.md disagree about required config paths. Ask the skill author to reconcile the manifest and provide a clear privacy/security statement: what they store, how long uploaded media is retained, who can access rendered outputs, and whether tokens are shared.
- If you decide to proceed: upload only non-sensitive test videos at first, confirm where tokens and session IDs are stored, and verify the download URL and retention behavior for your uploaded media. If you cannot get satisfactory answers about token persistence and config-path access, do not install or use the skill.
Findings
[no_code_files_detected] expected: The regex scanner found no code files because this is an instruction-only skill (SKILL.md). That explains the absence of code-based findings, but it also means the instructions are the primary security surface to review.

Review Dimensions

Purpose & Capability
note: The skill is a cloud video-editing front end and legitimately needs a service token and remote API calls. However, the registry metadata says there are no required config paths, while the SKILL.md frontmatter declares one (~/.config/nemovideo/). That mismatch is an inconsistency the skill author should explain.
Instruction Scope
concern: The runtime instructions upload user video files to https://mega-api-prod.nemovideo.ai and require network calls for authentication, session creation, SSE streaming, upload, and export, all of which is expected for a cloud editor. However, the instructions also direct the agent to detect the local install platform by checking install paths (e.g., ~/.clawhub/, ~/.cursor/skills/) in order to set an X-Skill-Platform header. Reading those local paths is unrelated to video editing and risks exposing environment details; this is scope creep and should be justified or removed. The skill also instructs the agent to generate and store tokens and session IDs, but does not specify where or how they are persisted.
Install Mechanism
ok: Instruction-only skill (no install spec, no code files). This minimizes the filesystem footprint and code-execution risk. Network I/O remains the primary risk vector because all editing happens server-side.
Credentials
concern: The only declared credential is NEMO_TOKEN, which fits a remote API. But the instructions also allow the agent to obtain an anonymous token on the user's behalf (a POST to the vendor endpoint) and then use and store it; whether that token is saved to disk or exported to the environment permanently is unclear. The SKILL.md also references a local config path and requires reading install directories for attribution headers. These requests for local information are disproportionate to the stated editing task and could reveal the presence of other agents or tooling.
Persistence & Privilege
note: The skill is not always-on and requests no special platform privileges. It does instruct the agent to store a session_id for subsequent requests and to reuse a NEMO_TOKEN if present, but it does not state where tokens or session IDs are persisted (in memory vs. on disk). Confirm where the skill writes any token or session state before installing.
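The guidance above and this Persistence & Privilege note both ask you to confirm where the skill persists NEMO_TOKEN and session_id before installing. One way to check that empirically, as an added example that is not part of the scanner output or of the skill itself: snapshot the config path the SKILL.md declares (~/.config/nemovideo/) and the install paths the skill reads (~/.clawhub/, ~/.cursor/skills/), run the skill once with a throwaway token, and diff the snapshots for new or changed files containing secret-looking values. The directory names come from the review; the file name session.json, its JSON layout, and the token and session values in demo() are constructed for the example, not observed behavior.

```python
"""Check whether a skill left a token or session id on disk after one run.

Added example for the review above; not part of the scanner output or of the
skill. It snapshots the directories the review names, lets you run the skill
once with a throwaway NEMO_TOKEN, then diffs the two snapshots.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Directories named in the review. Expanded per user at run time.
WATCH_DIRS = ["~/.config/nemovideo", "~/.clawhub", "~/.cursor/skills"]

# Heuristic: a credential-like key followed by a 16+ char opaque value.
# Accepts JSON ("key": "v"), YAML (key: v) and env-file (KEY=v) spellings.
SECRET_KEY_RE = re.compile(
    r'(?i)(nemo_token|session_id|token|bearer)["\']?\s*[=:]\s*["\']?([A-Za-z0-9._\-]{16,})'
)


def snapshot(dirs: List[str]) -> Dict[str, str]:
    """Map every file under the given directories to a sha256 of its content."""
    digests: Dict[str, str] = {}
    for d in dirs:
        root = Path(os.path.expanduser(d))
        if not root.is_dir():
            continue
        for p in root.rglob("*"):
            if p.is_file():
                digests[str(p)] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests


def find_secrets(path: str, known_token: Optional[str]) -> List[Tuple[str, str]]:
    """Return (reason, redacted value) pairs for secret-looking content in one file."""
    try:
        text = Path(path).read_text(errors="replace")
    except OSError:
        return []
    hits: List[Tuple[str, str]] = []
    if known_token and known_token in text:
        hits.append(("contains NEMO_TOKEN value", known_token[:6] + "..."))
    for m in SECRET_KEY_RE.finditer(text):
        hits.append((f"key '{m.group(1)}'", m.group(2)[:6] + "..."))
    return hits


def diff_snapshots(before: Dict[str, str], after: Dict[str, str],
                   known_token: Optional[str] = None) -> List[dict]:
    """List files that appeared or changed between snapshots, with any secrets found."""
    findings = []
    for path, digest in sorted(after.items()):
        if before.get(path) == digest:
            continue  # unchanged file, nothing to report
        findings.append({
            "path": path,
            "status": "new" if path not in before else "modified",
            "secrets": find_secrets(path, known_token),
        })
    return findings


def demo() -> List[dict]:
    """Constructed scenario, not observed skill behavior: one pre-existing file,
    then a session.json written with a session id and the throwaway token."""
    token = "anon_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"  # fake token for the demo
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / ".config" / "nemovideo"
        cfg.mkdir(parents=True)
        (cfg / "README").write_text("unchanged file")
        before = snapshot([str(cfg)])
        # Simulate what a skill that persists its session state might leave behind.
        (cfg / "session.json").write_text(
            '{"session_id": "sess_0123456789abcdef0123", "NEMO_TOKEN": "%s"}' % token
        )
        after = snapshot([str(cfg)])
        return diff_snapshots(before, after, known_token=token)


if __name__ == "__main__":
    # Real use: export a throwaway NEMO_TOKEN, run the skill once, then diff.
    known = os.environ.get("NEMO_TOKEN")
    before = snapshot(WATCH_DIRS)
    input("Run the skill now, then press Enter to diff the watched directories...")
    for f in diff_snapshots(before, snapshot(WATCH_DIRS), known):
        print(f["status"], f["path"])
        for reason, value in f["secrets"]:
            print("   ", reason, value)
```

Run it with a throwaway NEMO_TOKEN exported so the exact value can be matched; a hit on the token value or on a key named session_id answers the persistence question the review leaves open, and a clean diff means either the skill kept the state in memory or wrote it somewhere outside the watched directories.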