Ai Karaoke Video
PassAudited by ClawScan on May 11, 2026.
Overview
This appears to be a cloud karaoke-video generator, but it sends selected media and prompts to an external NemoVideo API and uses a bearer token/credits.
This skill looks purpose-aligned for generating karaoke videos. Before using it, make sure you are comfortable uploading selected media to NemoVideo's cloud API, using or creating a NEMO_TOKEN, and potentially consuming rendering credits. Do not provide sensitive media unless you trust the provider.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any audio, video, images, URLs, and prompts the user provides for rendering may be processed by NemoVideo's cloud service.
The skill clearly discloses that user media and related workflow data are sent to an external cloud backend for processing.
All calls go to `https://mega-api-prod.nemovideo.ai` ... **Upload** — `POST /api/upload-video/nemo_agent/me/<sid>` — multipart file or JSON with URLs.
Only upload media you are comfortable sending to that provider, and avoid private or rights-sensitive files unless you trust the service.
The token can authorize requests to the rendering backend and may be tied to credits or a session.
The skill uses a bearer token, or creates an anonymous token, to authorize cloud rendering and credit-related operations.
Look for `NEMO_TOKEN` in the environment ... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token` ... All requests must include: `Authorization: Bearer <NEMO_TOKEN>`.
Keep NEMO_TOKEN private, use a dedicated token if possible, and monitor credit usage.
Backend responses may cause the agent to continue editing, querying state, or exporting within the user's session.
The skill instructs the agent to treat backend GUI-style responses as operational instructions, which is expected for this service but gives the remote backend influence over subsequent API actions.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow.
Confirm before any export or credit-consuming action if the user has not clearly requested it.
Users have limited registry-level information for independently verifying the service behind the skill.
There is no local code or install script, but the provider/provenance information is sparse for a skill that relies on an external API.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the provider and terms outside the skill before sending sensitive media.
A render may continue server-side even if the local session is interrupted.
Cloud render jobs can persist outside the immediate local interaction, though this is disclosed and aligned with rendering.
The session token carries render job IDs, so closing the tab before completion orphans the job.
Avoid starting renders unintentionally, and check job/status or credits after interrupted sessions.