Skill v1.0.0
ClawScan security
Image To Video Ai Offline · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 21, 2026, 5:28 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill advertises “offline”/local processing but its runtime instructions clearly send images and metadata to a cloud API and automatically acquire/store tokens — this mismatch and hidden-token behavior are concerning.
- Guidance: Do not assume this runs locally: the skill's text promises 'offline' processing but the instructions upload your files and metadata to mega-api-prod.nemovideo.ai and create/retain tokens. If you need true local-only processing, do not install or use this skill. If you still consider it: (1) confirm with the author why it claims 'offline' while using a cloud API; (2) avoid uploading sensitive images/data; (3) ask where session/token/state will be stored and require explicit consent before any upload; (4) inspect or monitor network traffic and ~/.config/nemovideo/ (or other agent config locations) to see persisted tokens; (5) prefer a skill with source code or a well-known vendor and transparent storage behavior. If you already used it, revoke or rotate any issued tokens and check for persisted session files.
- Findings
  - [no-findings] expected: The skill is instruction-only and contains no code files for the regex scanner to analyze; network and token usage are visible only in SKILL.md.
Review Dimensions
- Purpose & Capability
  - concern: The skill name and description claim local/offline processing, but the SKILL.md documents a cloud render pipeline (https://mega-api-prod.nemovideo.ai), explicit upload endpoints, and server-side rendering. That contradiction is material: a legitimately 'offline' image->video tool should not require network tokens or remote uploads.
- Instruction Scope
  - concern: Instructions tell the agent to check/obtain a NEMO_TOKEN, POST images and commands to cloud endpoints, stream SSE, and store session IDs. They also instruct deriving headers from install paths and to 'not display raw API responses or token values' — which grants the skill discretion to hide or persist secrets and to read filesystem paths. These actions go beyond simple local processing.
- Install Mechanism
  - ok: No install spec and no code files (instruction-only). That limits on-disk changes from the skill itself. The primary runtime risk is network activity described in the instructions rather than an installer.
- Credentials
  - concern: The declared environment requirement is a single NEMO_TOKEN, which matches the remote API usage — but the skill also instructs auto-creating anonymous tokens and storing session IDs (persistence) and explicitly tells the agent to hide token values from the user. The SKILL.md metadata lists a config path (~/.config/nemovideo/) that is not present in the registry metadata, creating inconsistency about what will be read/written.
- Persistence & Privilege
  - note: always:false (normal). The skill asks to 'connect automatically' on first use and to store session_id (and implicitly token-related state). Autonomous invocation plus stored tokens increases the blast radius for data uploads if the agent is later invoked without explicit user action — something to consider given the cloud uploads.
