Markdown Editor With

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud video-rendering skill, but it will contact nemovideo.ai, use a token, and send the content you provide to that service.

Before installing, confirm you are comfortable sending your markdown or media to nemovideo.ai and using a NEMO_TOKEN for that service. Avoid sensitive content unless you trust the provider and understand its data handling.

VirusTotal

66/66 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Markdown, scripts, media, and render details you provide may leave your device and be processed by nemovideo.ai.

Why it was flagged

User content is intentionally sent to an external cloud service for rendering, which is expected for this skill but creates a third-party data boundary.

Skill content
This tool takes your text or script and runs markdown-based video creation through a cloud rendering pipeline. You upload, describe what you want, and download the result.
Recommendation

Use the skill only with content you are comfortable uploading to the provider, and avoid confidential or regulated material unless you have reviewed the provider’s terms.

ASI03: Identity and Privilege Abuse
Low
What this means

Anyone with access to the token could potentially use the associated Nemo session or credits.

Why it was flagged

The skill uses a bearer token to authenticate every request to the rendering backend; this is aligned with the integration but is still credentialed account access.

Skill content
Include `Authorization: Bearer <NEMO_TOKEN>` and all attribution headers on every request
Recommendation

Keep NEMO_TOKEN private, avoid logging or sharing it, and rotate or regenerate it if it may have been exposed.

ASI01: Agent Goal Hijack
Low
What this means

A backend response could trigger actions within the current video project, such as querying state or starting an export.

Why it was flagged

The skill instructs the agent to convert certain backend responses into API actions. This is part of the intended GUI-to-API bridge, but it means remote service text can influence tool behavior.

Skill content
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Recommendation

Confirm user intent before credit-consuming or final export actions, and do not let backend messages override explicit user instructions.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

You have less information to verify who maintains the skill or the external API integration.

Why it was flagged

The skill’s registry information does not provide a source repository or homepage, making independent verification harder even though no local code is installed.

Skill content
Source: unknown; Homepage: none
Recommendation

Verify the nemovideo.ai domain and provider relationship before relying on the skill for sensitive content or paid workflows.