Text Generation Generator
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: text-generation-generator Version: 1.0.0 The skill bundle provides a legitimate interface for an AI agent to interact with the NemoVideo API (mega-api-prod.nemovideo.ai) for text-to-video generation. It includes well-defined instructions for authentication (using NEMO_TOKEN or anonymous tokens), session management, and error handling. The instructions are focused on bridging the gap between the backend API and the agent's interface, with no evidence of malicious intent, data exfiltration, or unauthorized system access.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill will contact NemoVideo and create or resume a processing session.
The skill initiates an external API session automatically when invoked. This is disclosed and central to the service, but it means network/API activity begins before other work.
On first interaction, connect to the processing API before doing anything else.
Use the skill only when you are comfortable with it contacting the remote video service; consider asking for confirmation before export or credit-consuming actions.
Anyone with the token could potentially use the associated NemoVideo access or credits.
The skill uses a bearer token for NemoVideo API access. This is expected for the integration and the artifact also says not to print tokens, but the token may represent credits or account access.
Include `Authorization: Bearer <NEMO_TOKEN>` and all attribution headers on every request
Protect NEMO_TOKEN, avoid sharing transcripts containing credentials, and use a scoped or disposable token where possible.
Product descriptions, media files, URLs, and generated-video state may be processed by NemoVideo’s servers.
Prompts, messages, uploads, and file URLs are sent to an external provider. This is disclosed and purpose-aligned for cloud rendering, but the artifact does not describe retention or privacy controls.
All calls go to `https://mega-api-prod.nemovideo.ai`. ... **Chat (SSE)** ... your message ... **Upload** ... multipart file or JSON with URLs.
Do not submit confidential, regulated, or sensitive media unless you trust NemoVideo’s handling and retention policies.
It may be harder to verify who maintains the skill or the external service it uses.
The registry information does not provide a source repository or homepage for independent verification. There is no local code or install step in the supplied artifacts, so this is a provenance note rather than a concrete unsafe behavior.
Source: unknown; Homepage: none
Verify the publisher and NemoVideo endpoint before relying on the skill for important or sensitive work.
A render job may continue remotely and could tie up credits or require later cleanup if interrupted.
The skill maintains remote session state and render jobs may continue or become orphaned on the provider side. This is expected for cloud rendering, but it is persistent remote activity beyond a single local message.
Save `session_id` from the response. ... closing the tab before completion orphans the job.
Monitor credit usage and wait for jobs to finish or cancel them through the service when available.