Flow Ai Image To Video
PassAudited by ClawScan on May 16, 2026.
Overview
This is a purpose-aligned cloud video-generation skill, but it sends selected media to NemoVideo and uses or creates a service token, so users should avoid sensitive files and use a dedicated token.
This skill appears coherent for cloud image-to-video generation. Before installing, understand that it will contact NemoVideo, use or create a NEMO_TOKEN, upload selected media, and may run export workflows that use credits. Use non-sensitive files and a dedicated token where possible.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act through the NemoVideo account/session associated with the token, including checking credits and exporting render jobs.
The skill uses a service token and references a NemoVideo config path, giving the workflow authority over the user's NemoVideo session/credits. This is expected for the integration, and the token use is disclosed.
requires: {"env": ["NEMO_TOKEN"], "configPaths": ["~/.config/nemovideo/"]} ... Include `Authorization: Bearer <NEMO_TOKEN>` ... on every requestUse a dedicated or revocable NemoVideo token, do not print or share it, and avoid granting access to unrelated local config files.
Images, videos, audio, or URLs selected for processing may be shared with NemoVideo's remote service.
User media, prompts, session state, and render requests are sent to a third-party provider. This is central to cloud rendering and is clearly disclosed.
All calls go to `https://mega-api-prod.nemovideo.ai` ... **Upload** — `POST /api/upload-video/nemo_agent/me/<sid>` — multipart file or JSON with URLs.
Only upload media you are comfortable sending to the provider, and review the provider's privacy and retention terms before using sensitive content.
The agent may edit or export a draft based on the backend's response, which could consume credits or change the remote project state.
The skill tells the agent to treat backend GUI-style responses as instructions to perform API actions. This is likely an adapter for a GUI-oriented backend, but it means provider responses can drive state-changing actions inside the session.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Keep export or credit-consuming actions tied to explicit user requests, and ask for confirmation if the backend response would start an unexpected export.
Users have less external information for deciding whether to trust the remote service integration.
The skill does not install code, but its publisher/source provenance is limited and there is no homepage to independently verify the service or publisher.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Prefer installing from trusted publishers and verify the NemoVideo service relationship before using sensitive media or account tokens.