Skill v1.0.0

ClawScan security

Caption Maker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 5:49 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly does what it says (uploads videos to an external captioning API) but has small inconsistencies and privacy-relevant behaviors you should understand before installing.

Guidance: This skill will upload your videos and metadata to a third-party service (mega-api-prod.nemovideo.ai) and may automatically obtain a short-lived anonymous token if you don't supply one. Before installing: (1) confirm you are comfortable sending your videos to that external domain (avoid uploading sensitive/private video). (2) Consider providing your own NEMO_TOKEN if you want control over credentials instead of letting the skill fetch one. (3) Ask the provider about data retention and deletion policies (how long uploaded media and generated captions are kept). (4) Be aware the skill sends a header that may reveal where the skill is installed (it inspects common install paths) — if that matters, ask for that behavior to be removed. (5) If you need higher assurance, verify the service domain and operator independently (no homepage or publisher info was provided).

Review Dimensions

Purpose & Capability
note: The declared purpose (cloud captioning) matches the runtime actions (upload files, request renders, download results). Requesting a NEMO_TOKEN is expected. However, the metadata declares NEMO_TOKEN as required while the SKILL.md also instructs the agent to automatically obtain an anonymous token if none is set — this redundancy is inconsistent. The metadata also lists a config path (~/.config/nemovideo/) that the instructions never explicitly read, which is unnecessary or at least unexplained.

Instruction Scope
concern: Instructions direct the agent to POST files and messages to an external domain (mega-api-prod.nemovideo.ai), obtain/store session tokens, and include headers that reveal detected install paths. Reading/detecting install locations (~/.clawhub/, ~/.cursor/skills/) and adding them to request headers leaks local environment details that are unrelated to captioning quality. The skill will auto-generate and store tokens and session IDs for subsequent requests — this is expected for a cloud service but is a privacy surface worth noting.

Install Mechanism
ok: No install spec and no code files — instruction-only. That is the lowest-risk install mechanism: nothing additional is written to disk by an installer step. The behavioral risk comes from the runtime network calls described in SKILL.md, not from an installer.

Credentials
note: Only one credential (NEMO_TOKEN) is declared, which is proportionate for a cloud API. But the SKILL.md's automatic anonymous-token flow (POST to anonymous-token) means the skill can obtain credentials without you providing them. The declared configPaths value is not justified by the instructions. Overall the credential request is explainable, but the automatic acquisition and local-path detection reduce transparency.

Persistence & Privilege
ok: The skill is not force-enabled (always: false) and uses normal autonomous invocation. It does instruct storing session_id and tokens for subsequent requests, which is normal for a session-based API; there is no claim it modifies other skills or system-wide config.