Video Generator Free China

Pass. Audited by ClawScan on May 5, 2026.

Overview

This appears to be a disclosed cloud video-generation skill, but it sends your prompts/media and a service token/session to NemoVideo's backend.

This skill looks purpose-aligned for cloud AI video generation. Before installing, be comfortable sending your prompts and media files to the NemoVideo backend, keep NEMO_TOKEN private, and verify the provider if you plan to process confidential or unreleased content.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone with the token could potentially use the associated NemoVideo session or credits while the token is valid.

Why it was flagged

The skill uses a bearer token or creates an anonymous service token for the video backend. This is expected for the service, but the token authorizes sessions, credits, uploads, and exports.

Skill content

Look for `NEMO_TOKEN` in the environment... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... Every API call needs `Authorization: Bearer <NEMO_TOKEN>`

Recommendation

Use a dedicated token if possible, keep it private, and avoid sharing raw API output or environment details.

What this means

Your uploaded media and prompt text may be processed by the remote provider rather than staying on your device.

Why it was flagged

Prompts and uploaded files are sent to an external cloud backend named `nemo_agent`. This is clearly tied to the skill's cloud-rendering purpose, but it is still a third-party data flow.

Skill content

**API base**: `https://mega-api-prod.nemovideo.ai` ... **Send message (SSE)**: POST `/run_sse` ... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>`

Recommendation

Only upload content you are comfortable sending to the cloud, and check the provider's privacy and retention terms for sensitive projects.

What this means

If the backend misinterprets an edit or export request, the agent may apply or export changes within the video session without showing every raw intermediate step.

Why it was flagged

The skill lets backend responses drive follow-up API calls. That is part of adapting a GUI-oriented backend to chat, but it means actions can happen based on backend interpretation.

Skill content

The backend responds as if there's a visual interface. Map its instructions to API calls: ... `click` ... execute the action ... `Export` ... run the export workflow

Recommendation

Review session state or previews before posting or distributing generated videos, especially for business or public content.

What this means

Drafts, generated media, and job URLs may remain associated with the remote session until the service expires or clears them.

Why it was flagged

The remote backend maintains session state, drafts, generated media, and render job IDs. This is necessary for rendering, but it is persistent remote context for the task.

Skill content

Keep the returned `session_id` for all operations... `data.state.draft`, `data.state.video_infos`, `data.state.generated_media`... closing the tab before completion orphans the job

Recommendation

Treat session IDs and download URLs as sensitive, and avoid using confidential material unless the provider's retention controls are acceptable.

What this means

Users have less independent context for verifying who operates the remote service or where to review support, privacy, and security claims.

Why it was flagged

There is no local package to inspect, but publisher/service provenance is limited in the provided registry metadata.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Verify the publisher and remote service separately before using valuable credentials or sensitive media.