Free Editor No
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a cloud video-editing connector that clearly describes uploading user-provided clips to a NemoVideo backend, with some normal but important token and cloud-processing privacy considerations.
This appears appropriate for cloud video editing, but treat it like any online media-processing service: only upload clips you are comfortable sending to the provider, protect your NEMO_TOKEN, and ask for confirmation before exports if credits or final output matter.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The provider token may control access to editing sessions, credits, and exports for this service.
The skill uses or creates a bearer token for the video backend. This is expected for the service, and the artifact tells the agent not to expose tokens.
Look for `NEMO_TOKEN` in the environment... Generate a UUID... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... Include `Authorization: Bearer <NEMO_TOKEN>`
Use this only with a token you intend to use for NemoVideo, and monitor credits or account activity if you connect a registered account.
Videos, images, audio, and edit instructions may leave your device and be processed by the provider.
The workflow sends user-selected video/media content to an external cloud provider for processing, which is disclosed and central to the stated purpose.
This tool takes your raw video clips and runs AI video editing through a cloud rendering pipeline. You upload, describe what you want, and download the result.
Upload only files you are comfortable sending to the cloud, especially if clips contain private, client, or confidential content.
The agent may continue editing, polling, or exporting as part of the workflow instead of only displaying backend text.
The skill translates backend GUI-oriented responses into API actions. This is purpose-aligned for a cloud editor, but users should know provider responses can drive follow-up actions like export.
Backend says | You do ... `click [button]` ... Execute via API ... `Export button` ... Execute export workflow
Review the requested edit/export goal before starting, and ask the agent to confirm before exporting if credits, privacy, or final output matter.
It may be harder to independently verify who operates the backend or review implementation details beyond the provided instructions.
There is no local package to install, but the publisher/source provenance is limited, so users must rely on the visible instructions and the disclosed external backend.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Prefer using this with non-sensitive test files first, and verify the provider/domain before sending important media.