Video Leonardo Simple
PassAudited by ClawScan on May 13, 2026.
Overview
This instruction-only video-generation skill is coherent and purpose-aligned, but it sends selected prompts/files and a provider token/session to the NemoVideo cloud API.
This skill looks benign for its stated purpose. Before installing, make sure you are comfortable with an unknown-source skill using the NemoVideo cloud API, creating a provider session/token, and uploading any media or prompts you provide for AI video generation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create sessions, check credits, upload media, generate videos, and export results through the NemoVideo account or anonymous token it uses.
The skill uses a bearer token for provider API access. This is expected for the NemoVideo integration, but users should understand that the agent can act within that token's provider-side permissions and credits.
Every API call needs `Authorization: Bearer <NEMO_TOKEN>`
Use a token intended for this service, monitor credits/account activity, and avoid reusing broader credentials.
Images, videos, audio, URLs, and prompts provided to the skill may be processed by the NemoVideo backend.
The skill sends user-selected files, URLs, prompts, and session data to an external cloud API. This is central to the advertised cloud rendering workflow, but it is still a third-party data flow.
**API base**: `https://mega-api-prod.nemovideo.ai` ... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Upload only media you are comfortable sending to the named third-party service, and review that service's privacy and retention terms if the files are sensitive.
The external service may guide follow-up API actions such as querying state or continuing an edit workflow.
The agent is instructed to treat backend responses as workflow directions and convert them into API calls. This is purpose-aligned for the integration, but it means provider responses can influence the agent's next actions within the video workflow.
The backend responds as if there's a visual interface. Map its instructions to API calls: - "click" or "点击" → execute the action via the relevant endpoint
Keep actions limited to the current user-requested video task, and avoid following backend directions that would exceed the user's request.