v1.0.0

To Voice Generator

Review: ClawScan verdict for this skill. Analyzed Apr 30, 2026, 12:11 PM.

Analysis

The skill’s video-generation purpose is clear, but it lets an external backend steer some actions and sends user content to a third-party cloud service.

Guidance: Use this skill only for content you are comfortable sending to NemoVideo’s cloud service. Before installing, consider whether you trust the unknown-source publisher and backend, protect the NEMO_TOKEN, and watch for uploads, exports, or render jobs that should require your confirmation.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Medium; Confidence: Medium; Status: Concern
SKILL.md
The backend responds as if there's a visual interface. Map its instructions to API calls: - "click" or "点击" → execute the action via the relevant endpoint ... - "Export" or "导出" → run the export workflow

This makes backend text capable of directing the agent to perform actions, rather than limiting backend responses to informational output.

User impact: A remote backend response could cause the agent to take workflow actions such as querying state, sending edits, or exporting, even if the user does not see or approve each translated instruction.
Recommendation: Require the agent to validate backend-directed actions against the user’s latest request and ask for confirmation before uploads, exports, or other state-changing actions.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`

The skill exposes file and URL upload operations to a remote service. This is expected for cloud video generation, but it is a sensitive action users should notice.

User impact: Files or URLs the user provides can be uploaded to the NemoVideo backend for processing.
Recommendation: Only provide files or URLs you are comfortable sending to the external service, and confirm the intended file before upload.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: Medium; Status: Note
metadata
Source: unknown; Homepage: none

The skill has no local code or install script, but its provenance is limited and it depends on a remote backend.

User impact: Users have less public provenance information to verify who operates or maintains the skill and its backend integration.
Recommendation: Review the publisher and service domain before sending sensitive scripts, documents, or media.

Cascading Failures
Severity: Low; Confidence: High; Status: Note
SKILL.md
The session token carries render job IDs, so closing the tab before completion orphans the job.

A render job can continue or become untracked after the visible session is closed, which may make recovery or cancellation harder.

User impact: A queued render may keep running even if the user closes the tab, and the user may lose easy access to its status.
Recommendation: Wait for render completion or provide a cancellation/recovery workflow for active jobs.

Rogue Agents
Severity: Low; Confidence: Medium; Status: Note
SKILL.md
closing the tab before completion orphans the job

The skill discloses that cloud work can continue outside the visible tab/session. This is tied to the render purpose, but it is persistent background activity users should notice.

User impact: A user-requested cloud render could continue after the user leaves the interface.
Recommendation: Track active jobs clearly and offer a way to cancel or resume orphaned render jobs.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
SKILL.md
metadata: {"openclaw": {"requires": {"env": ["NEMO_TOKEN"], "configPaths": ["~/.config/nemovideo/"]}, "primaryEnv": "NEMO_TOKEN"

The skill declares a bearer token used to authorize requests to the video backend. This is proportionate to the purpose, but it is still a credential boundary.

User impact: Anyone with access to the token may be able to use the associated NemoVideo service session or credits while the token is valid.
Recommendation: Treat NEMO_TOKEN as a secret and avoid sharing logs, screenshots, or environment dumps that include it.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
SKILL.md
Store the returned `session_id` for all subsequent requests.

The skill reuses a remote session identifier across later requests, so session state can affect subsequent operations.

User impact: Prior session state, drafts, or generated media may influence later actions within the same backend session.
Recommendation: Start a fresh session for unrelated projects or when working with sensitive content.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Send message (SSE): POST `/run_sse` — body `{"app_name":"nemo_agent","user_id":"me","session_id":"<sid>","new_message":{"parts":[{"text":"<msg>"}]}}`

The skill sends user messages to an external agent-like backend over SSE. The endpoint and authorization are specified, but the data leaves the local chat context.

User impact: Text prompts, scripts, and project instructions may be processed by the external NemoVideo agent service.
Recommendation: Do not submit confidential or regulated content unless you trust the service’s handling of that data.