ClawHub

E Learning Video Maker

v1.0.0

You recorded 8 hours of screen share with your voice-over for your online course on financial modeling, uploaded it to Teachable, and three months later you...

0· 30·0 current·0 all-time
by@udnerc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description promise (transform raw recordings into structured e-learning modules and export SCORM/video outputs) aligns with the single declared runtime requirement (NEMO_TOKEN) and the included curl example calling a nemovideo API — these are coherent for a cloud video-processing service.
Instruction Scope
The SKILL.md instructs the agent to POST course inputs (and implicitly upload recordings) to https://mega-api-prod.nemovideo.ai using Authorization: Bearer $NEMO_TOKEN, which matches the stated purpose. However, the skill will transmit potentially large and sensitive user data (raw recordings, course content) to an external endpoint; the SKILL.md also contains metadata referencing a config path (~/.config/nemovideo/) that was not listed in the registry summary, an inconsistency worth clarifying.
Install Mechanism
Instruction-only skill with no install spec or code files — nothing is written to disk by an installer and no third-party packages are pulled in by the skill itself.
Credentials
Only a single credential (NEMO_TOKEN) is required, which is proportional for a cloud API. Users should confirm the token's scope/permissions and that it is issued by a legitimate provider before granting it.
Persistence & Privilege
The skill is not always-on and uses normal autonomous invocation defaults. It does not request persistent system-wide privileges or modify other skills' configs in the provided materials.
Assessment
This skill behaves like a cloud video-processing integration: it sends raw recordings and course data to an external API using a single bearer token (NEMO_TOKEN). Before installing: 1) confirm the domain (mega-api-prod.nemovideo.ai) and the vendor are legitimate and review their privacy/security policies; 2) ensure NEMO_TOKEN is scoped/minimized and rotate it if compromised; 3) avoid uploading recordings containing student PII or sensitive corporate data unless you have explicit consent and the vendor meets your compliance needs; 4) ask the publisher to clarify the ~./config/nemovideo/ metadata mismatch in the manifest. If any of these checks fail or you cannot verify the service, treat the skill as risky and do not provide your token.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fqzzbz1vt1dppscpazaejqx849q47

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💻 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments