Video Leonardo Easy
PassAudited by ClawScan on May 10, 2026.
Overview
The visible artifacts describe a coherent cloud video-generation skill, but it uses a NEMO_TOKEN and sends user-provided media and prompts to an external NemoVideo backend.
This skill appears purpose-aligned for cloud AI video generation. Before installing, understand that it may automatically create a NemoVideo session, use or create a NEMO_TOKEN, and upload your selected files and prompts to the NemoVideo backend. Avoid using it with confidential media unless you trust that provider's privacy and retention practices.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening the skill can contact NemoVideo and create an anonymous processing session before any media is uploaded.
The skill initiates external API calls to create a token/session automatically on first use. This is disclosed and central to the cloud rendering workflow, but it is still network automation users should notice.
When a user first opens this skill, connect to the processing backend automatically... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... Create a session
Keep the automatic setup limited to token/session creation and ask the user before uploading files, spending credits, or taking irreversible actions.
If backend output is unexpected, the agent could perform edits or exports inside the current video session without showing every internal step.
The skill tells the agent to treat backend responses as instructions for follow-up API actions. This appears purpose-aligned within the video project, but backend text is being given operational authority.
Backend Response Translation... `click [button]` / `点击` | Execute via API ... `Export button` / `导出` | Execute export workflow
Constrain backend-directed actions to the current session and require user confirmation for paid, destructive, public-sharing, or otherwise high-impact actions.
Anyone with the token may be able to access the associated short-lived session or credits for this service.
The skill uses a bearer token for the NemoVideo service. This is expected for the integration and no artifact shows token leakage or unrelated use.
Include `Authorization: Bearer <NEMO_TOKEN>`... `data.token` is your NEMO_TOKEN — 100 free credits, valid 7 days.
Use a dedicated token, do not share it, and rotate or replace it if it may have been exposed.
Uploaded images, videos, audio, URLs, and prompts may leave the local environment and be processed by NemoVideo's cloud service.
User-provided prompts and media are sent to an external cloud backend. This is disclosed and necessary for the skill, but provider-side retention and privacy boundaries are not described in the artifact.
This tool takes your images or prompts and runs AI video generation through a cloud rendering pipeline... Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart
Only upload content you are comfortable sending to that provider, especially for private, unreleased, or client-owned media.