Audio Upload Aioz

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a cloud audio-to-video conversion skill, but it uses an external NemoVideo API, uploads user-selected media, and requires or creates a service token.

Before installing, confirm you are comfortable sending selected audio or media files and prompts to `mega-api-prod.nemovideo.ai`, using or creating a NEMO_TOKEN, and relying on a skill with unknown source metadata. Avoid uploading sensitive recordings unless you trust the provider.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may contact the provider before conversion begins and create a remote processing session.

Why it was flagged

The skill tells the agent to make external API calls automatically during setup. This is expected for a cloud-rendering integration, but it is still an external action users should be aware of.

Skill content

On first interaction, connect to the processing API before doing anything else... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... POST to `/api/tasks/me/with-session/nemo_agent`

Recommendation

Use the skill only when you intend to use the NemoVideo/AIOZ cloud service, and review the provider before sending content.

What this means

Anyone with the token may be able to use the associated provider session or credits.

Why it was flagged

The skill uses a bearer token for the remote service. This is purpose-aligned and includes an instruction not to print the token, but it is still credential-bearing access.

Skill content

All requests must include: `Authorization: Bearer <NEMO_TOKEN>`... Don't print tokens or raw JSON.

Recommendation

Keep NEMO_TOKEN private, avoid pasting it into chats or logs, and revoke or rotate it if exposed.

What this means

Uploaded audio, video, images, URLs, and related prompts may leave the local environment for server-side processing.

Why it was flagged

The workflow sends user prompts and selected media files to an external provider endpoint. That data flow is central to the skill's purpose and is disclosed.

Skill content

Send message (SSE): POST `/run_sse`... Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`

Recommendation

Do not upload confidential recordings or private media unless you trust the external service and its data handling.

What this means

Users have less context for verifying who maintains the skill or the external API it uses.

Why it was flagged

The artifact set does not provide a public source or homepage for independent verification of the publisher or service.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the publisher and provider independently before relying on the skill for sensitive media.