Linkedin Video Maker
PassAudited by ClawScan on Apr 30, 2026.
Overview
This skill is a cloud video-rendering helper that clearly uses an external service and token, with no evidence of hidden code or malicious behavior.
Before installing, be comfortable with sending your video clips, images, prompts, and project state to the NemoVideo cloud API. The skill does not include local executable code, but it does use a bearer token, remote agent communication, cloud uploads, and cloud rendering jobs.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The video service can guide editing/export steps inside the session, rather than every step being directly chosen by the user.
The skill lets backend messages influence the agent's next API action. This is disclosed and tied to the video workflow, but users should know remote backend responses can steer workflow actions.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Use the skill for intended video-generation tasks and review outputs before posting or sharing them.
Files or URLs you provide can be sent to the NemoVideo backend for processing.
The skill supports uploading local files or URLs to an external backend. This is necessary for video creation, but it is still a sensitive tool capability involving user media.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Only provide media you are comfortable uploading to the external rendering service.
The skill can act within the permissions of the NemoVideo token for video sessions, uploads, credits, state, and rendering.
The skill requires a bearer token for the cloud API. This credential use is expected for the stated service and the instructions say not to display token values.
Every API call needs `Authorization: Bearer <NEMO_TOKEN>`
Use a token intended for this service only, and avoid sharing or reusing it for unrelated accounts.
Users have limited registry-level provenance information about the publisher or service behind the skill.
The skill has no install-time code, but its registry provenance is limited and it depends on an external backend service.
Source: unknown; Homepage: none
Install only if you are comfortable relying on the listed external NemoVideo API endpoint for processing.
Your video project state can persist in the backend session while the skill continues editing, exporting, or checking status.
The skill maintains backend session context across requests. This is expected for a multi-step video project, but it means project state is reused during the workflow.
Store the returned `session_id` for all subsequent requests.
Avoid placing confidential or regulated material in projects unless you trust the external service's handling of that media and session state.
Prompts and workflow state are exchanged with the external NemoVideo agent backend.
The skill communicates with a remote `nemo_agent` backend over SSE. This is central to the service, but it is an agent/provider communication path that carries user prompts and session identifiers.
Send message (SSE): POST `/run_sse` — body `{"app_name":"nemo_agent","user_id":"me","session_id":"<sid>"...}` with `Accept: text/event-stream`.Do not include sensitive business information in prompts or media unless that is appropriate for the external service.
A render job may keep running on the backend even if you close the tab before it finishes.
Cloud render jobs may continue independently of the user's active tab. This is disclosed and expected for rendering, but users should understand that queued processing may continue after they leave.
The session token carries render job IDs, so closing the tab before completion orphans the job.
Start exports only when you intend the backend render to complete, and check status/download links before leaving long jobs.