Free Video Letter Maker
v1.0.0Turn a short personal message and one photo into 1080p personalized video letters just by typing what you need. Whether it's turning written messages into sh...
⭐ 0· 57·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (video-letter creation) match the required credential (NEMO_TOKEN) and the API endpoints described in SKILL.md. One minor inconsistency: the registry metadata shown earlier lists no config paths, while the skill frontmatter inside SKILL.md advertises a config path (~/.config/nemovideo/) — that is plausible (used to find stored tokens) but should have been declared consistently.
Instruction Scope
Instructions stay inside the stated purpose: they establish a session, upload files, stream SSE, poll renders, and return download URLs. The skill tells the agent how to obtain an anonymous token if NEMO_TOKEN is missing, how to upload local files (multipart @/path), and how to read/poll session state. Two items to note: (1) it requires adding attribution headers that reference the skill frontmatter/version and asks to auto-detect an install path for X-Skill-Platform — that may require the agent to inspect its environment/install path (or fall back to 'unknown'); (2) SKILL.md suggests reading ~/.config/nemovideo/ (frontmatter) which is reasonable to locate stored tokens but is not declared in the registry-level requirements earlier. Both are scope-adjacent but explainable for this type of integration.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install surface. Nothing is downloaded or executed by an installer.
Credentials
Only a single credential (NEMO_TOKEN) is declared as required and is appropriate for a cloud service. The runtime also describes how to obtain a short-lived anonymous token if none is provided, which is consistent with the stated free-tier behavior. There are no unrelated secret variables requested.
Persistence & Privilege
always is false and the skill does not request elevated or system-wide persistence. It does not attempt to modify other skills or global agent settings. The only potential persistent read is the optional config path (~/.config/nemovideo/) to locate tokens, which is reasonable for a client that can use locally stored credentials.
Assessment
This skill appears to do exactly what it says: it will upload media and text to a nemovideo cloud API to produce rendered videos. Before installing or using it, consider: (1) You are trusting the external domain (mega-api-prod.nemovideo.ai) with any files and the NEMO_TOKEN — don't send sensitive PII or corporate secrets. (2) The skill can look in ~/.config/nemovideo/ (per its frontmatter) to find tokens; if you keep tokens there and don't want them used, remove or lock that file. (3) If you don't have a NEMO_TOKEN the agent will request an anonymous token from the service (expected behavior). (4) The SKILL.md and registry metadata disagree about config paths — harmless in itself but worth noting. If you need stronger guarantees, ask the skill author for a privacy policy or an explicit list of endpoints and headers, or run this skill in an environment where you control what files and tokens are accessible.Like a lobster shell, security has layers — review code before you run it.
latestvk97ew6bjzvh3rkyp4h0z4b82yn84ndw8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
✉️ Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN