Skill v1.0.0

ClawScan security

Add Subtitle To Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 13, 2026, 8:33 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly matches a cloud video-captioning purpose, but there are metadata/instruction mismatches and a few surprises (automatic anonymous token issuance and filesystem probing) that should be clarified before trusting it with sensitive content.
Guidance
This skill generally does what it says: it uploads videos to nemovideo.ai and returns processed files. Confirm the following before installing it or using it with sensitive content:
1. The registry and SKILL.md disagree about config paths and token handling. Ask the author whether the skill persists the anonymous token to disk (~/.config/nemovideo/ or elsewhere) and for how long it is kept.
2. The skill probes the install path and reads its own frontmatter to set attribution headers; if you require strict filesystem isolation, this matters.
3. If you do not already have a NEMO_TOKEN, the skill requests an anonymous token from mega-api-prod.nemovideo.ai. Review that service's privacy and retention terms and what data it receives (your uploaded videos).
4. If you plan to upload sensitive or private videos, verify the backend's security and privacy posture and consider not providing long-lived credentials.
If you need higher assurance, request the skill's homepage or source, or ask the owner to explain config and token persistence and to provide a clear privacy and data-retention statement.

Review Dimensions

Purpose & Capability
note: The skill's actions (upload, SSE, render, export) all target a single video-processing backend (mega-api-prod.nemovideo.ai), which matches the stated purpose. However, the registry metadata lists no config paths, while the SKILL.md frontmatter declares a config path (~/.config/nemovideo/) and primaryEnv NEMO_TOKEN; the requirements declared in the registry and the requirements stated in the document are inconsistent.
Instruction Scope
note: The instructions stay focused on video upload, session management, SSE, and export flows for the nemovideo.ai service. They also instruct the agent to read the skill's own YAML frontmatter and detect its install path (~/.clawhub/ or ~/.cursor/skills/) to set attribution headers, which means probing the filesystem beyond the user-supplied files it processes. That filesystem probing and the obligation to add attribution headers are out-of-band behaviors worth noting.
Install Mechanism
ok: No install spec and no code files; this is an instruction-only skill, so nothing is downloaded or written by an installer. This is the lowest install risk.
Credentials
note: Only one credential (NEMO_TOKEN) is declared, which is appropriate for a cloud API. But SKILL.md includes an alternate flow: if no token is present, POST to an anonymous-token endpoint and treat the returned data.token as NEMO_TOKEN. Auto-provisioning an anonymous token is plausible, but it conflicts with the registry's claim that the env var is required, and it raises questions about whether tokens are persisted, where they are stored, and what privileges and retention the anonymous token carries.
Persistence & Privilege
ok: The skill is not always-on and does not request elevated platform privileges. It uses ephemeral session tokens and cloud job IDs; nothing in SKILL.md requests modifying other skills or global config. The one persistence question is whether the generated anonymous NEMO_TOKEN is stored to disk or config (SKILL.md is silent).
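The Purpose & Capability, Instruction Scope, Credentials, and Persistence findings above all reduce to checks that can be run mechanically against the SKILL.md text and the registry record. The Python below is an added example of such an audit; it is not ClawHub's scanner and not the skill's own code. The SKILL.md and registry record it reads are constructed stand-ins, and the frontmatter key names (primaryEnv, configPaths) and YAML layout are assumptions rather than ClawHub's documented schema. It reports the declared-requirement mismatch, the home-directory paths the instructions touch without declaring them, any backend host beyond the first, the anonymous-token fallback, and the absence of any statement about token persistence.

```python
import re

# Constructed sample SKILL.md. The frontmatter keys primaryEnv/configPaths and the
# YAML shape are assumptions; only the hosts and paths come from the review above.
SAMPLE_SKILL_MD = """---
name: add-subtitle-to-video
version: 1.0.0
primaryEnv: NEMO_TOKEN
configPaths:
  - ~/.config/nemovideo/
---
# Add Subtitle To Video

Upload the video to the session endpoint on https://mega-api-prod.nemovideo.ai and
follow the SSE stream until the render and export steps complete.

If NEMO_TOKEN is not set, POST to the anonymous-token endpoint on
https://mega-api-prod.nemovideo.ai and use the returned data.token as NEMO_TOKEN.

Read this file's frontmatter and detect the install path (~/.clawhub/ or
~/.cursor/skills/) to set the attribution headers on every request.
"""

# Constructed stand-in for the registry record: one required env var, no config paths.
SAMPLE_REGISTRY = {"requiredEnv": ["NEMO_TOKEN"], "configPaths": []}


def parse_frontmatter(text):
    """Parse the YAML subset used above: `key: value` lines and `key:` followed by `  - item` lists."""
    m = re.match(r"\A---\n(.*?)\n---\n", text, re.S)
    if not m:
        return {}
    fm, key = {}, None
    for line in m.group(1).splitlines():
        item = re.match(r"^\s+-\s*(.+)$", line)
        if item and key is not None and isinstance(fm.get(key), list):
            fm[key].append(item.group(1).strip())
            continue
        if not line.strip():
            continue
        key, _, value = line.partition(":")
        key = key.strip()
        fm[key] = value.strip() or []  # a bare `key:` opens a list
    return fm


def body_of(text):
    """Return the instruction text that follows the frontmatter block."""
    return text.split("\n---\n", 1)[1] if text.startswith("---\n") else text


def audit_skill(skill_md, registry):
    """Return (severity, finding) pairs for mismatches between SKILL.md and the registry."""
    fm = parse_frontmatter(skill_md)
    body = body_of(skill_md)
    findings = []

    # 1. Declared requirements: frontmatter vs registry metadata.
    fm_envs = {fm["primaryEnv"]} if isinstance(fm.get("primaryEnv"), str) else set()
    reg_envs = set(registry.get("requiredEnv", []))
    if fm_envs != reg_envs:
        findings.append(("note", f"env var mismatch: frontmatter {sorted(fm_envs)} vs registry {sorted(reg_envs)}"))
    fm_paths = set(fm.get("configPaths") or [])
    reg_paths = set(registry.get("configPaths", []))
    if fm_paths != reg_paths:
        findings.append(("note", f"config path mismatch: frontmatter {sorted(fm_paths)} vs registry {sorted(reg_paths)}"))

    # 2. Filesystem locations the instructions tell the agent to touch that nobody declared.
    for path in sorted(set(re.findall(r"~/[\w./-]+", body))):
        if path not in fm_paths | reg_paths:
            findings.append(("note", f"undeclared filesystem access: {path}"))

    # 3. Network destinations: a single-purpose skill should talk to one backend.
    hosts = sorted(set(re.findall(r"https?://([\w.-]+)", body)))
    if len(hosts) > 1:
        findings.append(("note", f"multiple backends: {hosts}"))

    # 4. Credential fallbacks: a second way to obtain the token the registry calls required,
    #    and whether the text ever says what happens to that token afterwards.
    if re.search(r"anonymous[- ]token", body, re.I):
        findings.append(("note", "anonymous-token fallback: registry says the env var is required"))
        if not re.search(r"\b(persist|store|save|write)\w*\b", body, re.I):
            findings.append(("note", "token persistence unspecified: SKILL.md never says whether the token is written to disk"))
    return findings


def verdict(findings):
    """Any note-level finding is enough to flag the skill for a human look."""
    return "suspicious" if findings else "clean"


if __name__ == "__main__":
    results = audit_skill(SAMPLE_SKILL_MD, SAMPLE_REGISTRY)
    for severity, message in results:
        print(f"[{severity}] {message}")
    print("verdict:", verdict(results))
```

The checks are deliberately literal: a frontmatter path that the registry omits, a `~/` path that neither declares, and an "anonymous-token" phrase with no accompanying "store"/"persist" language are exactly the gaps the review dimensions above call out, and each is a question to put to the author rather than proof of malice.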