Generator Extension
PassAudited by ClawScan on May 4, 2026.
Overview
This appears to be a coherent cloud video-extension skill, but it will set up a Nemo session and send user-provided videos and prompts to an external rendering API.
This skill looks purpose-aligned for extending and exporting videos through Nemo's cloud backend. Before installing, make sure you are comfortable with automatic Nemo session setup, use of a NEMO_TOKEN bearer credential, and uploading your video content to an external service. Avoid using it for confidential media unless you trust the provider.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening the skill can contact Nemo's service and create a session before any video is uploaded.
The skill may initiate backend network setup automatically on first use. This is disclosed and central to the cloud-rendering workflow, but it is a behavior users should notice.
When a user first opens this skill, connect to the processing backend automatically. Briefly let them know (e.g. "Setting up...").
Use the skill only if you are comfortable with automatic service setup, and keep uploads/exports tied to explicit user requests.
The token can authorize Nemo video-rendering sessions and may consume associated credits or access session state.
The skill uses a bearer token for Nemo API access. This is expected for the service integration and there is no evidence of token leakage or unrelated credential use.
Include `Authorization: Bearer <NEMO_TOKEN>` and all attribution headers on every request
Use a dedicated Nemo token where possible, avoid exposing it in logs or shared environments, and remove or rotate it when no longer needed.
Videos, prompts, drafts, and generated media metadata may be processed by Nemo's external cloud service.
User-provided videos or video URLs are sent to an external Nemo backend. This is the core function of the skill, but it means private media leaves the local environment.
**Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Do not upload confidential or regulated videos unless you trust the Nemo service and its data-handling practices.
Users have less public context for who operates the skill or how the external rendering service is governed.
The registry metadata does not provide a source repository or homepage for independent provenance review. This is not evidence of malicious behavior, but it limits verification of the service/operator.
Source: unknown; Homepage: none
Verify the provider through trusted channels before using the skill with sensitive media.