Skill v1.0.0
ClawScan security
Free Video Generation Grok · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 26, 2026, 6:01 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior mostly matches a cloud video-generation integration (it uses a NEMO_TOKEN and specific nemovideo.ai endpoints), but there are provenance and metadata inconsistencies and a few runtime behaviors that warrant caution before installing.
- Guidance: This skill appears to be a straightforward remote video-generation integration, but take these precautions before installing or using it:
  - Provenance: there is no homepage or verifiable source and the owner ID is opaque. Prefer skills from known authors or with a public project page.
  - Token use: NEMO_TOKEN grants API access to nemovideo.ai and can be used to upload content and trigger renders. Only provide a token scoped and limited to this service; avoid using long-lived or high-privilege tokens. If unsure, use the anonymous-token flow or create a throwaway/test token.
  - Data exposure: any text prompts and uploaded files will be sent to mega-api-prod.nemovideo.ai. Do not send sensitive, private, or regulated data (PII, passwords, proprietary content) unless you trust the service and its retention policy.
  - Filesystem check: the skill will check common install paths to set an X-Skill-Platform header — this requires reading some paths in your home directory. If you prefer the skill not to read filesystem locations, request a version that omits platform detection.
  - Metadata mismatch: the SKILL.md frontmatter lists a config path (~/.config/nemovideo/) while registry metadata claimed none — ask the author to clarify what local config (if any) the skill will read or write.
  - Verify endpoints: the skill uses HTTPS endpoints on nemovideo.ai; confirm you expect the service and review its privacy/terms if you plan to upload content.

  If you want to proceed: supply a scoped/limited NEMO_TOKEN (or rely on the anonymous-token flow), avoid uploading sensitive files, and consider asking the author for a provenance link or code repository to increase trust.
Review Dimensions
- Purpose & Capability (note): Name/description align with making video renders via a remote API and the SKILL.md declares NEMO_TOKEN as the primary credential and calls nemovideo.ai endpoints — that is coherent. However, the registry metadata reported no required config paths while the SKILL.md frontmatter lists a config path (~/.config/nemovideo/) — this mismatch should be clarified. Also the skill has no homepage or verifiable source and the owner ID is opaque, which reduces provenance confidence.
- Instruction Scope (note): Runtime instructions are detailed and stay within the video-generation domain: authenticating (either using NEMO_TOKEN or obtaining an anonymous token), creating sessions, sending SSE messages, uploads, exports, and polling render status. The skill instructs the agent to detect install paths (~/.clawhub, ~/.cursor/skills/) to populate X-Skill-Platform headers — that requires reading filesystem paths (a minor scope expansion). The instructions do not ask to read unrelated user files or other environment variables, nor to exfiltrate data to unexpected endpoints (all endpoints are at mega-api-prod.nemovideo.ai).
- Install Mechanism (ok): No install spec or code files — instruction-only. This is the lowest-risk install mechanism because nothing is downloaded or written by the skill package itself.
- Credentials (note): Only one credential is required (NEMO_TOKEN) and it is appropriate for a cloud API integration. The SKILL.md also offers an anonymous-token flow that POSTs to the vendor's anonymous-token endpoint and uses that token for up to 7 days/100 credits — this is reasonable but means the skill will perform network calls to obtain temporary credentials if a token isn't supplied. The earlier registry summary said no config paths but SKILL.md requests ~/.config/nemovideo/ in frontmatter — this inconsistency should be resolved. No other unrelated secrets are requested.
- Persistence & Privilege (ok): The skill does not request always:true and uses the platform default for autonomous invocation. It does not declare any self-modifying installs or system-wide configuration changes. The only minor privilege-like action is detecting install path(s) to populate an attribution header, which requires reading limited filesystem paths in the user's home directory.
