Time Lapse Video
v1.0.0Get time lapse MP4 ready to post, without touching a single slider. Upload your sequential images (JPG, PNG, MP4, MOV, up to 500MB), say something like "comb...
⭐ 0· 54·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (time-lapse creation) align with the required credential (NEMO_TOKEN) and the SKILL.md which describes uploading images and calling a remote render API. The single declared credential is what you'd expect for a cloud render service.
Instruction Scope
Instructions correctly describe using the remote API for session creation, uploads, SSE, and export. They instruct reading NEMO_TOKEN from the environment and, if missing, obtaining an anonymous token by POSTing to the provider's auth endpoint. The skill will upload user media to a remote endpoint (expected for this purpose) and also suggests deriving headers from local install paths (implies inspecting filesystem paths such as ~/.clawhub/ or ~/.cursor/skills/). That filesystem inspection is not necessary for core functionality and should be limited/explicitly authorized.
Install Mechanism
Instruction-only skill with no install steps and no code files — lowest install risk. All runtime behavior is via API calls described in SKILL.md.
Credentials
Only one credential (NEMO_TOKEN) is required, which is proportional to the service. The skill also describes creating an anonymous token if none is present. No unrelated secrets or extra env vars are requested.
Persistence & Privilege
always is false and there is no request for permanent system-wide presence or modification of other skills. The skill will manage a session token for its own API calls (normal for a cloud service).
Scan Findings in Context
[no_code_files] expected: Regex scanner had nothing to analyze because this is an instruction-only skill (SKILL.md). This is expected for many cloud-integration skills; absence of findings is not proof of safety.
Assessment
This skill appears to do what it says: it uploads your photos/videos to a remote rendering service that requires a NEMO_TOKEN (the skill can obtain an anonymous 7-day token if none is provided). Before installing/using it, consider: 1) privacy — your media will be uploaded to https://mega-api-prod.nemovideo.ai (an unknown third party from this package metadata); don't upload sensitive media. 2) token safety — NEMO_TOKEN is a bearer credential; ensure you don't reuse a sensitive account token here. 3) filesystem access — the skill may inspect install/config paths to populate headers (nonessential for rendering); limit or audit that behavior if you want to avoid local path checks. 4) metadata inconsistency — the SKILL.md frontmatter references a config path (~/.config/nemovideo/) while the registry metadata reported none; this is a minor mismatch but worth noting. If you need stronger assurance, request the vendor/homepage, an explicit privacy policy, or run the skill with test/sample files and a throwaway token first.Like a lobster shell, security has layers — review code before you run it.
latestvk979xr6gwmd6dgk8fdwj8pt4px84qknz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
⏩ Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN