ClawHub

Sondo Ai

v1.0.0

Turn a 2-minute interview recording with background noise into 1080p clean audio videos just by typing what you need. Whether it's removing background noise...

0· 51·0 current·0 all-time
by@vynbosserman65
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to perform cloud-based audio/video cleanup and only requires a NEMO_TOKEN (or will acquire an anonymous one). Required items (token, session, uploads) align with the stated cloud render purpose; no unrelated credentials or binaries are requested.
Instruction Scope
Instructions focus on creating a session, streaming edits over SSE, uploading video files (via multipart or URL), polling render status, and returning download URLs—all appropriate for the service. Two things to note: (1) the skill will POST files from provided local paths (it expects uploaded files), so any local file path you provide will be read and transmitted to the remote service; (2) it instructs detecting install paths (e.g., ~/.clawhub/, ~/.cursor/skills/) to set an X-Skill-Platform header, which implies checking for certain filesystem paths. Both are explainable by the skill's telemetry/attribution needs but are material to privacy.
Install Mechanism
No install spec or downloaded code — instruction-only. That minimizes on-disk code execution risk.
Credentials
Only NEMO_TOKEN is declared as required and is the primary credential; this matches the API usage. The metadata also references a config path (~/.config/nemovideo/) and the runtime will optionally obtain an anonymous token if NEMO_TOKEN is absent — reasonable but worth noting if you expect the skill not to contact the backend without an explicit token.
Persistence & Privilege
Skill is not marked always:true and is user-invocable; it does not request elevated or persistent platform privileges nor modify other skills. Normal autonomous invocation applies.
Scan Findings in Context
[NO_CODE_FILES] expected: The static scanner had no code files to analyze because this is an instruction-only skill (SKILL.md). No regex-based findings were produced; the runtime behavior is described entirely in prose.
Assessment
This skill will upload any video files you provide to mega-api-prod.nemovideo.ai and may automatically obtain an anonymous token if you don't set NEMO_TOKEN. Before installing or using it: (1) do not upload sensitive or private media unless you trust the remote service and have verified its privacy/retention policy; (2) if you prefer control, set your own NEMO_TOKEN rather than allowing anonymous-token acquisition; (3) be aware it may inspect certain local paths to populate an X-Skill-Platform header (this is attribution/telemetry, not credential theft, but it does involve checking for directories); (4) confirm the external domain and service terms if provenance matters. Overall the skill's behavior is coherent with its stated purpose, but the privacy implications of remote processing are the primary thing to consider.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e6vybqzrhywp8mq0pav321h84pkgx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎙️ Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments