Maker Free App
PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: maker-free-app Version: 1.0.0 The skill bundle 'maker-free-app' is designed to facilitate cloud-based video editing via the 'nemovideo.ai' API. It includes instructions for the AI agent to manage sessions, handle anonymous authentication, and upload media files to 'mega-api-prod.nemovideo.ai' for processing. While it performs some environment probing to identify the host platform (e.g., checking for ~/.cursor/ or ~/.clawhub/ paths) and automatically initiates connections to its backend, these actions are consistent with its stated purpose of providing a cloud-integrated video creation service.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may create an anonymous backend token/session before a specific editing request, though the provided artifact does not show unrelated local data being sent at setup.
The skill initiates backend setup automatically on first open. This is disclosed and purpose-aligned, but users should be aware that opening the skill can trigger remote API calls.
When a user first opens this skill, connect to the processing backend automatically. Briefly let them know
Use the skill only if you are comfortable with automatic connection to the documented NemoVideo backend.
Anyone with the token could potentially use the associated backend credits/session during its validity period.
The skill uses a bearer token that controls backend credits and session access. This is expected for the service integration, but it is still account-like authority.
The response `data.token` is your NEMO_TOKEN — 100 free credits, valid 7 days... Include `Authorization: Bearer <NEMO_TOKEN>`
Keep NEMO_TOKEN private and avoid exposing logs or raw API responses that might contain it.
Users have less information to verify who maintains the skill or the relationship to the remote service.
The registry information does not provide a clear source or homepage, which limits independent provenance review for a skill that connects to an external service.
Source: unknown; Homepage: none
Verify the publisher/service before uploading sensitive media or relying on the backend for business work.
Private media uploaded for editing will leave the local environment and be processed by the remote service.
The core workflow sends user media to a third-party cloud backend. This is necessary for the stated cloud rendering purpose, but videos, images, and audio can contain sensitive personal or business information.
Send me your raw video clips... The AI video creation runs on remote GPU nodes... `/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file
Do not upload confidential media unless you trust the service’s privacy, retention, and access practices.