Skill v1.0.0
ClawScan security
Music To Free · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Apr 28, 2026, 5:41 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose (removing music from videos) mostly matches its instructions, but there are inconsistencies and a few behaviors (filesystem probing for installation path, implicit reading of a config path in the frontmatter, and automatic uploading of user files to an external API that the agent is told to keep 'out of the chat') that merit caution.
- Guidance: This skill appears to do what it says (upload your video, remove music via a cloud service), but review these points before installing or using it:
  - Files are uploaded to a third-party domain (mega-api-prod.nemovideo.ai). Do not send sensitive videos unless you trust that service and its privacy policy.
  - The skill will read NEMO_TOKEN from environment or obtain an anonymous token; supplying a token gives the service direct access tied to your account—only provide it if you trust the service.
  - SKILL.md asks the agent to detect the local install path and references ~/.config/nemovideo/ in its frontmatter. Ask the author to clarify why the skill needs to read local paths and what it will do with any files it finds there.
  - The instruction to 'keep the technical details out of the chat' reduces visibility into network/file actions; prefer transparency and ask the author to surface key actions (uploads, endpoints, tokens) to the user.
  - Because this is instruction-only (no code to audit), you cannot review implementation details locally. If you need higher assurance, request a published privacy/security statement from the vendor or prefer a self-hosted/local tool.

  If these points are acceptable and you trust nemovideo.ai, the permissions requested are broadly consistent with the service; otherwise treat this skill with caution or request clarifications from the publisher.
Review Dimensions
- Purpose & Capability (note): The skill's name and description match the network endpoints and flows in SKILL.md (upload video, create session, render, download). Requesting a NEMO_TOKEN as the primary credential is coherent for a cloud video service. However, the SKILL.md frontmatter metadata lists a required config path (~/.config/nemovideo/) that is not present in the registry metadata; the skill also requires detecting the agent's install path to populate X-Skill-Platform headers — both are minor inconsistencies that expand its expected access surface.
- Instruction Scope (concern): Instructions direct the agent to upload user videos and metadata to https://mega-api-prod.nemovideo.ai and to create/poll sessions and render jobs — expected for this purpose. Concerns: (1) the skill tells the agent to detect the local install path to set X-Skill-Platform (this requires reading the filesystem outside of the user-supplied files); (2) the frontmatter requests a config path (~/.config/nemovideo/), which implies reading user config files; (3) the guidance 'Keep the technical details out of the chat' encourages hiding technical network activity from users. Together these expand scope beyond simple API calls and potentially leak local info via headers.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — low installation risk (nothing is written to disk by an installer).
- Credentials (note): Only one environment variable (NEMO_TOKEN) is declared and used, which is proportionate for a cloud API. However, the SKILL.md frontmatter also lists a configPaths entry (~/.config/nemovideo/) while the registry metadata showed none — this mismatch should be clarified because reading that path could reveal local tokens or config. The skill also instructs creating an anonymous token if NEMO_TOKEN is absent, which is expected behavior but means the agent will contact the external API on the user's behalf.
- Persistence & Privilege (ok): The skill does not request always:true and doesn't request elevated or cross-skill config changes. Autonomous invocation is allowed (default) but not combined with other high-risk privileges. No indications it will persist or modify other skills.
