Skill v1.0.0

ClawScan security

Free Video Producer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 19, 2026, 1:10 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's API usage and single required token (NEMO_TOKEN) are coherent with a video-rendering service, but the runtime instructions ask the agent to probe local install/config paths and include that information in outbound headers — a privacy/information-leak concern and a metadata mismatch that should be resolved before trusting the skill.
Guidance
This skill appears to be a legitimate cloud video-rendering front end and only needs an API token to run, but there are two things to watch for before installing/using it: (1) it instructs the agent to probe local install/config paths (~/.clawhub/, ~/.cursor/, ~/.config/nemovideo/) and to include that info in request headers — that can leak environment details to the remote service and is not necessary for basic upload/render operations; (2) confirm what scope and lifetime NEMO_TOKEN has. Prefer using the anonymous starter token when possible, avoid providing a long-lived full-access token, and only upload files you are comfortable sending to an external service. Ask the skill author to remove or make explicit the filesystem probes and to document exactly what NEMO_TOKEN permissions are and why local-path headers are needed. If you require higher assurance, request independent verification of the API domain (mega-api-prod.nemovideo.ai) and a privacy policy explaining how uploaded media and local metadata are stored and used.

Review Dimensions

Purpose & Capability
Note: The name and description (cloud-based video editing/exports) match the API endpoints and flows described in SKILL.md: session creation, upload, SSE-based editing, render/export. Requiring a NEMO_TOKEN for authorization is proportionate. However, the SKILL.md YAML metadata references a local config path (~/.config/nemovideo/) and install-path detection for X-Skill-Platform, while the registry metadata listed no required config paths; this mismatch is an inconsistency.
Instruction Scope
Concern: Most runtime instructions stay within the stated purpose (establish session, upload files, run SSE edits, poll render). Concerns: (1) the skill instructs the agent to detect local install paths (~/.clawhub/, ~/.cursor/skills/) and include that platform string in an attribution header; (2) metadata refers to ~/.config/nemovideo/ (potential config probing); (3) instructions explicitly tell the agent to 'keep technical details out of the chat', which reduces transparency about network activity. Probing and sending local-path/config information to the remote API is outside what a typical video-editor skill strictly needs and risks leaking environment details.
Install Mechanism
OK: Instruction-only skill with no install specification and no code files. This is the lowest-risk install pattern (nothing is written to disk by the skill itself).
Credentials
Concern: The only declared required credential is NEMO_TOKEN (primaryEnv), which is appropriate for a backend API. The skill provides an anonymous-token fallback flow that posts to the service to obtain a token (acceptable). The concern is that the SKILL.md metadata and request headers cause the agent to read local install/config paths (not declared as required in the registry) and include that information in requests, meaning filesystem data could be transmitted to the remote service. That is disproportionate to the core task and risks leaking local environment metadata. Also verify what privileges the NEMO_TOKEN grants before providing a long-lived token.
Persistence & Privilege
OK: The skill does not request 'always: true' and has no install-time persistence. It does not ask to modify other skills or system-wide settings. Session tokens used for renders are ephemeral per the instructions.