ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Editor Ai En Espanol

v1.0.0

Cloud-based editor-ai-en-espanol tool that handles editing videos with AI tools in Spanish language. Upload MP4, MOV, AVI, WebM files (up to 500MB), describe...

0· 53·0 current·0 all-time
by@tk8544-b
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim cloud-based Spanish video editing and the runtime instructions call a Nemovideo backend for uploads, session management, SSE, and exports — this is coherent. However the registry metadata said no config paths while the SKILL.md frontmatter references a config path (~/.config/nemovideo/) and lists NEMO_TOKEN as required; that mismatch is unexplained.
Instruction Scope
Instructions stay within editing/export workflows (session creation, uploads, SSE streaming, polling render status). They explicitly instruct sending user media to https://mega-api-prod.nemovideo.ai and creating/retrieving a NEMO_TOKEN if absent. A minor scope creep: the skill instructs deriving X-Skill-Platform from local install paths (reading install path patterns), which implies filesystem inspection that isn't necessary for core functionality.
Install Mechanism
This is an instruction-only skill with no install spec or shipped code files, so nothing will be downloaded or written to disk by an installation step.
Credentials
The skill declares a single primary credential (NEMO_TOKEN), which is appropriate for a cloud API. But the SKILL.md also documents an anonymous-token flow that obtains a token if NEMO_TOKEN is missing — making the 'required env var' claim ambiguous. No other unrelated secrets are requested.
Persistence & Privilege
always:false and no claims of modifying other skills or system-wide configs. Session IDs are retained per the normal workflow; no elevated or persistent system privileges are requested.
What to consider before installing
This skill will upload any video files you provide to an external service (mega-api-prod.nemovideo.ai) for cloud processing — confirm you are comfortable with that. Note these points before installing: (1) The registry metadata and the SKILL.md disagree about config paths and the token requirement: the skill lists NEMO_TOKEN as required but also documents an anonymous-token flow that can create a token automatically. Ask the author which behavior is intended. (2) The SKILL.md references reading install/config paths (~/.config/nemovideo/ and detecting install path) — if you have sensitive config files in those locations, verify whether the skill will actually access them. (3) There is no shipped code to audit (instruction-only), so trust is placed in the remote API; review the service hostname and privacy terms before sending private or sensitive video content. If you need higher assurance, request a version with explicit, minimal permission requirements or host processing on a service you control.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f6swrqqnrnhcexbqx2cf0fx84jck0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments