Skill v1.0.0
ClawScan security
Ai Text To Youtube · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 26, 2026, 12:46 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared requirement (NEMO_TOKEN) and network calls line up with a cloud video service, but a few inconsistencies and opaque instructions warrant caution before installing or providing credentials.
- Guidance
- This skill behaves like a client for nemoVideo (it uses a NEMO_TOKEN or will request a temporary anonymous token from https://mega-api-prod.nemovideo.ai). Before installing or using it: (1) confirm you trust the nemoVideo service and domain; (2) avoid supplying unrelated secrets — only provide a dedicated NEMO_TOKEN for this service; (3) be aware the skill will make network calls and include attribution headers that reveal the skill/version and detected platform; (4) note the SKILL.md tells the agent to hide technical details from chat — that reduces transparency about what it does while running; (5) ask the publisher to clarify the config path reference (~/.config/nemovideo/) and why it differs from the registry metadata, and whether the skill will read any local config files. If you need stronger assurance, request the publisher provide a formal privacy/telemetry statement or a signed manifest explaining what local data (if any) the skill reads.
- Findings
[no-regex-findings] expected: Scanner saw no code files to analyze — this is an instruction-only skill. Absence of findings is expected but not evidence of safety; SKILL.md is the primary surface to review.
Review Dimensions
- Purpose & Capability
- note: Name/description match what the SKILL.md instructs (convert text to YouTube-ready video). The single required env var (NEMO_TOKEN) is coherent. However, SKILL.md metadata references a config path (~/.config/nemovideo/) not declared in the registry metadata, which is an inconsistency worth calling out (it suggests the skill might expect local config or credentials even though the registry did not list them).
- Instruction Scope
- note: Runtime instructions are focused on the external NemoVideo API (session creation, upload, SSE streaming, render/export). They instruct the agent to use an env token or obtain an anonymous token from the service, which is expected for a cloud SaaS integration. Two things to note: (1) the instructions require generating and sending a client UUID and performing network calls to an external domain; (2) the SKILL.md explicitly says to 'keep the technical details out of the chat', which reduces transparency and could hide useful audit information from users. The instructions do not explicitly ask the agent to read arbitrary local files or unrelated environment variables, aside from implicit platform/installation-path detection for an attribution header.
- Install Mechanism
- ok: Instruction-only skill with no install spec or code to write to disk, which is the lowest-risk install mechanism. No downloads or third-party package installs are requested.
- Credentials
- note: Only NEMO_TOKEN is required, and it is proportional to a cloud video service. The fallback anonymous-token flow is documented (generate client UUID, POST to /api/auth/anonymous-token). The earlier-noted mismatch about a referenced config path (~/.config/nemovideo/) is concerning because it could imply access to local credential/config files that the registry did not declare. The skill also instructs inclusion of attribution headers (X-Skill-Source, X-Skill-Version, X-Skill-Platform); this is a minor privacy/leakage risk but expected for telemetry/attribution.
- Persistence & Privilege
- ok: always:false is set and no install-time persistence is used. The skill operates via transient API sessions/tokens and does not request permanent system-wide privileges or modify other skills. Autonomous invocation is enabled by default (normal) and is not in itself flagged here.
