Animation Ai
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Images, videos, URLs, and animation prompts you provide may be processed by the NemoVideo cloud service.
The skill is designed to send user-provided media and prompts to an external cloud rendering backend, which is expected for the stated animation purpose but is still sensitive data handling.
This tool takes your images or video clips and runs AI animation generation through a cloud rendering pipeline. You upload, describe what you want, and download the result.
Only upload media you are comfortable sending to this third-party service, and check the provider’s privacy and retention terms if the content is sensitive.
The agent will use a service token to create sessions, check credits, upload media, and request exports on your behalf.
The skill uses a bearer token for the external video service and can obtain an anonymous token automatically; this is purpose-aligned, and the artifact also says not to display token values.
Check if `NEMO_TOKEN` is set in the environment... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... The response `data.token` is your NEMO_TOKEN — 100 free credits, valid 7 days.
Treat NEMO_TOKEN like a credential, avoid sharing it, and revoke or rotate it if you believe it was exposed.
The remote service may guide the agent to query state, apply edits, or export the current project as part of the animation workflow.
The workflow allows backend responses to trigger API operations inside the animation session. This appears scoped to the intended GUI-to-API translation, but users should understand that the remote backend influences subsequent actions.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Review important outputs before using them, and ask the agent to confirm before exports or edits if you want tighter control.
You have less context for who operates or maintains the skill beyond the registry owner identifier.
The registry metadata does not provide a source repository or homepage, which limits independent verification of the service and skill provenance. No local code or install script is present in the supplied artifacts.
Source: unknown; Homepage: none
Use extra caution with sensitive media and prefer installing skills with clear ownership, documentation, and privacy terms when available.