Generator Image
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a cloud image/video generation skill, but users should know it sends prompts and uploaded media to NemoVideo using a bearer or anonymous token.
Install only if you are comfortable with NemoVideo receiving your prompts and any files you choose to upload. Use a dedicated token if possible, avoid sensitive media, and confirm any export or credit-consuming action.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less information to independently verify who maintains the integration.
The skill does not install local code, but the registry metadata provides limited provenance for the skill/operator.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Only use it if you trust the NemoVideo service and are comfortable with the limited provenance shown in the registry.
The token may grant access to sessions, credits, and generated media on the NemoVideo service.
The skill uses a bearer token to authenticate to the external media-generation API.
If `NEMO_TOKEN` is in the environment, use it directly... Every API call needs `Authorization: Bearer <NEMO_TOKEN>`
Use a dedicated, revocable token where possible, and avoid providing credentials for accounts you do not want this skill to access.
Text prompts, uploaded media, and generated output metadata may be processed by the external NemoVideo service.
User prompts and selected uploaded files are sent to a remote provider endpoint and agent-like backend.
Send message (SSE): POST `/run_sse` ... `new_message`... Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart
Do not upload confidential files or sensitive prompts unless you trust the provider and its data handling.
API actions could create sessions, upload user-selected files, export media, or consume available credits, though these actions fit the stated service purpose.
The remote backend can direct the agent to perform service API actions within the user's generation session.
Backend says | You do | "click [button]" ... Execute via API ... "Export button" ... Execute export workflow
Ask the agent to confirm uploads, exports, and any action that may use credits or publish/share generated output.
A user may not immediately realize the workflow uses an external cloud video/media backend and may produce video-format outputs.
The user-facing description emphasizes image generation, while the instructions also include video/MP4 workflows and tell the agent not to surface technical backend details.
AI generated images... you've got a MP4 file ready to download... Keep the technical details out of the chat.
The skill should clearly tell users when it is using the external cloud service and whether the requested output will be an image or video file.