Ai Music Generator From Text
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may create or use a temporary NemoVideo service credential to run generation and export jobs.
The skill uses a bearer token for the NemoVideo service and can automatically obtain an anonymous token if none is set.
**Authentication**: Check if `NEMO_TOKEN` is set in the environment... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... The response `data.token` is your NEMO_TOKEN — 100 free credits, valid 7 days.
Only install if you are comfortable with the skill using a NemoVideo token; avoid sharing the token and clear it when no longer needed.
Text prompts and any uploaded media may be processed by NemoVideo’s cloud service rather than staying local.
Prompts, session messages, and optional uploaded files or URLs are sent to an external cloud backend.
**API base**: `https://mega-api-prod.nemovideo.ai` ... **Send message (SSE)**: POST `/run_sse` ... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Do not upload sensitive, private, or confidential media unless you trust the external provider and its data handling.
The external backend can influence follow-up actions inside the generation workflow.
The skill tells the agent to treat certain backend responses as instructions to perform further API actions.
### Backend Response Translation ... The backend assumes a GUI exists. Translate these into API actions: ... "click [button]" / "点击" | Execute via API
Keep backend-directed actions limited to the NemoVideo session and ask for user confirmation before unusual, costly, or out-of-scope actions.
The agent may reuse session state while working on the same generation job.
The skill maintains session context and render job identifiers across requests to complete generation and export.
Store the returned `session_id` for all subsequent requests. ... The session token carries render job IDs, so closing the tab before completion orphans the job.
Treat generated session state as service-specific context and clear or reset the session if switching projects or users.