Skill v1.0.0
ClawScan security
Video Face · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 29, 2026, 4:37 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (cloud-based face swap using a NEMO_TOKEN) matches its description, but there are small metadata/instruction mismatches and a runtime step that probes install/config paths which you should understand before installing.
- Guidance: This skill appears to do what it claims (server-side face swapping) and needs a NEMO_TOKEN. Before installing:
  1) Be aware the skill may probe your agent install path and a config directory (~/.config/nemovideo/) to set attribution headers; if you prefer not to reveal that information, do not install or run it.
  2) The skill will either use any NEMO_TOKEN in your environment or request an anonymous token from the remote API automatically; avoid exposing sensitive credentials.
  3) Video face-swap can be privacy- and legally-sensitive: only upload material you own or have permission to process.
  4) Because the skill source is unknown and registry metadata conflicts with SKILL.md, prefer using a throwaway/anonymous token or contact the provider for a privacy/retention policy before trusting sensitive content.
Review Dimensions
- Purpose & Capability (note): The name/description (remote GPU face-swap) aligns with the declared primary credential (NEMO_TOKEN) and the API endpoints in SKILL.md. However, registry metadata said no required config paths while the SKILL.md frontmatter declares a config path (~/.config/nemovideo/), an inconsistency in declared requirements.
- Instruction Scope (concern): Instructions are detailed and constrained to the face-swap workflow (session creation, upload, SSE, export). But the runtime steps include detecting the agent install path (e.g., checking ~/.clawhub or ~/.cursor/skills/) and reading the file's YAML frontmatter to populate attribution headers. Probing install paths / filesystem to set headers is outside the core need to process a user-supplied video and may expose filesystem presence information; this is a scope creep worth noting.
- Install Mechanism (ok): Instruction-only skill with no install spec or code files; nothing is written to disk by an installer. This is the lowest-risk install mechanism.
- Credentials (note): Only one credential (NEMO_TOKEN) is required and is appropriate for a cloud service. The SKILL.md also mentions a config path in metadata (~/.config/nemovideo/), which was not listed in the registry metadata; the declarations are inconsistent. The skill will also generate/obtain an anonymous token if NEMO_TOKEN is absent, which is expected but means the agent will make network calls to acquire tokens automatically.
- Persistence & Privilege (ok): The skill does not request always:true and does not declare any elevated persistence. It uses transient session tokens for jobs and does not instruct modifying other skills or global agent settings.
