Skill v1.0.0
ClawScan security
Youtube Video Subtitle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 5:17 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions mostly match a cloud subtitle service (NEMO_TOKEN and API calls) but metadata asks for a local config path that the runtime doc never uses — a small but unexplained mismatch that could grant extra local access.
- Guidance: This skill largely behaves like a thin client for a cloud subtitle service (nemovideo.ai) and will use a NEMO_TOKEN (or obtain an anonymous token) to upload videos and request renders. Before installing: 1) Confirm you trust the destination domain and the skill author (no homepage/source provided). 2) Ask why the skill metadata requires ~/.config/nemovideo/ — refuse or sandbox filesystem access if you don't want local config read. 3) Prefer using an anonymous or limited-scope token (not a long-lived personal token tied to other accounts). 4) Consider privacy: any uploaded video and audio are sent to the remote service. 5) If you need higher assurance, request the skill's source or a published homepage and check that the service owner matches your expectations.
Review Dimensions
- Purpose & Capability (concern): The skill name/description and runtime instructions consistently describe a cloud-based YouTube subtitle service that uses a NEMO_TOKEN bearer token and endpoints at mega-api-prod.nemovideo.ai — that part is coherent. However, the registry metadata also declares a required config path (~/.config/nemovideo/) even though SKILL.md never explains reading or writing that directory. Requesting access to a local config directory is not justified by the instructions and is disproportionate to the described purpose.
- Instruction Scope (note): SKILL.md sticks to expected actions: check for NEMO_TOKEN, obtain an anonymous token from the remote auth endpoint if missing, create sessions, upload video files, and stream SSE responses. It instructs not to expose tokens or raw API output. Minor scope oddities: it says to auto-detect an install path to set X-Skill-Platform (clawhub/cursor/unknown), which implies reading runtime/install context; this is a small extra capability but not obviously malicious.
- Install Mechanism (ok): No install spec or code files are present (instruction-only). Nothing will be downloaded or written by an installer as part of skill installation — lowest-risk install mechanism.
- Credentials (concern): Requiring a single primary credential (NEMO_TOKEN) is appropriate for a cloud video-processing service. The concern is the additional declared configPaths (~/.config/nemovideo/) in metadata: that path could contain unrelated credentials or data. The SKILL.md does not state why that path is required or what would be read from it, so the declared filesystem access appears disproportionate.
- Persistence & Privilege (ok): The skill is not marked always:true, is user-invocable, and allows normal autonomous invocation (platform default). It does not request system-wide or other-skills modifications in the instructions. Session IDs are kept for job tracking only, which is expected behavior.
