Video Editor Ai Name
ReviewAudited by ClawScan on Apr 30, 2026.
Overview
This appears to be a cloud video-editing skill that uses the advertised NemoVideo API; no malicious behavior is evident, but uploaded media and the service token should be treated as sensitive.
Install only if you are comfortable uploading your footage and edit prompts to mega-api-prod.nemovideo.ai. Keep NEMO_TOKEN private, verify any credit or upgrade requirements, and use separate sessions for unrelated or sensitive projects.
Findings (9)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Backend messages can cause the agent to perform editing, state-query, or export API steps within the video workflow.
The skill lets backend responses drive follow-up API actions. This is purpose-aligned for adapting a GUI-oriented backend to chat, but users should know the provider workflow can influence what the agent does next.
The backend assumes a GUI exists. Translate these into API actions ... click [button] -> Execute via API ... Export button -> Execute export workflow
Use the skill for intended video-editing tasks and review unexpected export or state-changing actions before proceeding.
Using the skill can upload selected media and create remote render jobs through the provider API.
The skill performs external API setup, upload, and export operations. These are normal for a cloud video editor and are disclosed, but they are still actions users should expect.
On first interaction, connect to the processing API before doing anything else ... Upload: POST /api/upload-video/nemo_agent/me/<sid> ... Export: POST /api/render/proxy/lambda
Only provide files and URLs you intend to process with the NemoVideo cloud service.
Anyone with the token may be able to access or use the associated NemoVideo service session or credits.
The skill uses a service token for NemoVideo API authentication. This is expected for the integration and the instructions say not to print tokens.
If NEMO_TOKEN environment variable is already set, use it ... Every API call needs Authorization: Bearer <NEMO_TOKEN>
Protect NEMO_TOKEN like a password and use a dedicated token for this service.
Users have less information for independently verifying who maintains the skill or its relationship to the remote API service.
The registry metadata does not provide a public source or homepage for provenance review. There is no local install package risk, but users have limited maintainer/provider context from the artifacts.
Source: unknown; Homepage: none
Verify the provider/domain and maintainer reputation before uploading sensitive footage.
Video drafts and generated media state may persist in the provider session and influence subsequent edits or exports.
The skill keeps and reuses remote session state, drafts, and generated media information. This is necessary for editing/export, but prior session context may affect later actions in the same project.
Save session_id from the response ... Session state: GET /api/state/nemo_agent/me/<sid>/latest — key fields: data.state.draft, data.state.video_infos, data.state.generated_media
Start a new session for unrelated projects and avoid mixing sensitive and non-sensitive footage in the same session.
Raw footage, edit instructions, and generated outputs are processed by the NemoVideo cloud service.
The skill sends prompts, files, URLs, and session data to an external provider over documented API and SSE flows. The endpoint and bearer authentication are disclosed, but user media leaves the local environment.
API base: https://mega-api-prod.nemovideo.ai ... Send message (SSE): POST /run_sse ... Upload: POST /api/upload-video/nemo_agent/me/<sid>
Do not upload confidential, regulated, or private footage unless you trust the provider’s handling of that data.
Interrupted exports may leave remote jobs or outputs in an uncertain state.
A single export action can create a remote render job that may continue or become orphaned if the session is interrupted. This is disclosed and aligned with cloud rendering.
Each export job queues on a cloud GPU node ... closing the tab before completion orphans the job
Wait for export completion when possible and check session status before starting duplicate render jobs.
Users may encounter credit limits, token expiry, or plan restrictions during use.
The instructions include both free-token/free-export language and possible registration or upgrade requirements. This is explained in the error handling section, but users should not assume all use is permanently free.
Free token ... 100 credits, 7-day expiry ... Export (free, no credits) ... Register or upgrade your plan to unlock export
Review credit, registration, and export requirements before relying on the service for time-sensitive work.
A remote render may outlive the active chat/session if interrupted.
The provider-side render job may continue or remain orphaned after the local interaction ends. This is disclosed and tied to a user-triggered export, not hidden autonomous behavior.
closing the tab before completion orphans the job
Avoid starting exports you do not intend to complete, and monitor job status for important projects.