Skill v1.0.0

ClawScan security

Ai With Music · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 3:56 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior (uploading user videos to a third‑party API and creating/storing a token) is coherent with its purpose, but there are inconsistent declarations and a few instruction behaviors that merit caution before installing.
Guidance
Key points before installing:
- This skill uploads your video files to a third-party service (mega-api-prod.nemovideo.ai). If your videos contain sensitive content, do not upload them until you verify the service's privacy, retention, and deletion policies.
- The skill expects a NEMO_TOKEN but will create an anonymous token for you if none is present; that token will be stored for later requests — ask where/how tokens/session IDs are stored and how to revoke them.
- SKILL.md asks the agent to detect install paths (e.g., ~/.clawhub, ~/.cursor/skills) to set attribution headers; this implies filesystem checks. If you prefer not to allow that probing, ask the skill author to remove or explain this behavior.
- There are metadata inconsistencies (declared required env var vs. anonymous-token fallback; a configPaths entry in frontmatter that isn't reflected in registry metadata). Ask the publisher to clarify these points.
- If you decide to proceed: prefer using a disposable or limited-scope token, review/ask for the service's privacy and retention policy, and avoid uploading videos you cannot share externally. If you need higher assurance, request an implementation that documents exactly where tokens/sessions are stored and that does not probe unrelated local paths.
Findings
[no-findings] expected: The regex scanner found nothing; this is an instruction-only skill so static scanning had no code to analyze.

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose (remote AI music addition) aligns with contacting a remote API and uploading video files, and the single declared credential (NEMO_TOKEN) is relevant. However, the registry marks NEMO_TOKEN as required while the runtime instructions include an anonymous-token fallback flow that generates and stores a token — this is inconsistent. The YAML frontmatter also includes a configPaths entry (~/.config/nemovideo/) that is not reflected in the registry summary, which is another mismatch.
Instruction Scope
concern: SKILL.md instructs the agent to upload user video files and to POST to external endpoints (mega-api-prod.nemovideo.ai) to obtain tokens, create sessions, run SSE, and submit render jobs — all expected for a cloud render service. Notable scopes: it tells the agent to generate and store an anonymous NEMO_TOKEN if none is supplied, to persist session_id for subsequent requests, and to include attribution headers derived from the YAML frontmatter and by detecting install paths on the filesystem. The install-path detection implies the agent may probe user filesystem locations (~/.clawhub, ~/.cursor/skills) to set headers — this file-system check is not justified by the user-visible description and increases the scope of access.
Install Mechanism
ok: Instruction-only skill with no install spec or code files. No packages or downloads are written to disk by the skill itself.
Credentials
note: Only one credential (NEMO_TOKEN) is declared as required and is relevant to the service. But the declaration that it's required conflicts with the explicit anonymous-token acquisition flow in SKILL.md (which issues and stores a token if NEMO_TOKEN is absent). The YAML frontmatter's configPaths entry (~/.config/nemovideo/) is another environment/config path claim not reflected in registry metadata and may indicate implicit local config access.
Persistence & Privilege
ok: The skill does not request always:true, has no install-time privilege escalation, and does not declare writes to other skills' configs. It does instruct storing its own session token/session_id for the duration of use, which is normal for a cloud session-based integration.