Ai Video Editor Opus Clip
Pass
Audited by ClawScan on May 5, 2026.
Overview
This looks like a coherent cloud video-editing skill, but it sends videos and prompts to a third-party API and uses a bearer token/session.
Before installing, verify the NemoVideo provider and publisher if possible, use a limited token, and upload only videos you are comfortable sending to a cloud processing service. No hidden local code, install script, destructive action, or unrelated data access is shown in the provided artifacts.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less provenance information before trusting the skill with media uploads or service tokens.
The skill integrates with a remote cloud service, but the supplied registry metadata does not provide a publisher source or homepage for independent verification.
Source: unknown; Homepage: none
Verify the provider/domain and publisher through other trusted channels before uploading sensitive videos or using a valuable token.
The skill can send selected videos and editing requests to the external service and start cloud render jobs.
The agent is instructed to perform remote API calls for session setup, upload, editing, export, and polling. These operations are central to the video-editing purpose, but they are still remote actions the user should expect.
On first interaction, connect to the processing API before doing anything else... Upload: POST `/api/upload-video/nemo_agent/me/<sid>` ... Export: POST `/api/render/proxy/lambda`
Use the skill only for files you intentionally want processed by the cloud service, and review upload/export actions for sensitive or paid work.
Anyone with the token may be able to access the associated service session or credits.
The skill uses a bearer token for the NemoVideo API. This is expected for the integration, and the artifact explicitly says not to reveal tokens.
Include `Authorization: Bearer <NEMO_TOKEN>` ... on every request ... Confirm to the user you're connected and ready. Don't print tokens or raw JSON.
Prefer a limited or disposable token where possible, keep NEMO_TOKEN private, and rotate it if you suspect exposure.
Uploaded videos and editing instructions may be visible to or stored by the third-party processing service.
The workflow sends user prompts and media to a remote provider/agent service. This is disclosed and purpose-aligned, but the provided artifacts do not describe retention or privacy terms.
The AI clip extraction runs on remote GPU nodes... Send message (SSE): POST `/run_sse` ... Upload: POST `/api/upload-video/nemo_agent/me/<sid>`
Do not upload confidential recordings unless the provider's privacy and retention practices meet your needs.
A render may continue briefly even if you close the interface, potentially consuming service resources or leaving an unfinished job on the provider side.
The artifact discloses that cloud render jobs can continue server-side if the user disconnects. This is bounded cloud-render behavior, not hidden local persistence.
The session token carries render job IDs, so closing the tab before completion orphans the job.
Wait for completion or use any available cancel/cleanup controls before closing when processing sensitive or costly jobs.
