ClawHub

Tiktok Add Music To

v1.0.0

Get music-backed videos ready to post, without touching a single slider. Upload your video clips (MP4, MOV, AVI, WebM, up to 500MB), say something like "add...

0· 57·0 current·0 all-time
by@francemichaell-15
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (add music to TikTok videos) align with the runtime instructions: uploads, session creation, render/export endpoints and a single service credential (NEMO_TOKEN). Requesting a NEMO_TOKEN as the primary credential is proportionate for a cloud processing backend. Note: the SKILL.md frontmatter also references a config path (~/.config/nemovideo/) even though the top-level metadata listed no required config paths — a minor inconsistency.
Instruction Scope
Instructions stay within the stated purpose (upload video files, create sessions, submit render jobs, poll for results). They explicitly send user-uploaded media to an external API (mega-api-prod.nemovideo.ai) and will create an anonymous token if NEMO_TOKEN is absent. The skill also instructs the agent to detect install path and read the skill frontmatter to set attribution headers, which requires reading local paths (e.g., ~/.clawhub, ~/.cursor/skills/) — this is privacy-sensitive but not unrelated to the skill's stated behavior.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. This is the lowest-risk install pattern.
Credentials
Only one credential is declared (NEMO_TOKEN), which is appropriate for a single third-party service. The SKILL.md, however, implements a fallback that generates an anonymous token by contacting the service directly when NEMO_TOKEN is absent — this means the skill can obtain and use credentials autonomously. Also, the SKILL.md frontmatter references a local config path (~/.config/nemovideo/) not declared elsewhere in the registry metadata; that mismatch should be clarified.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It maintains session state with the backend (session_id) for operation, which is normal for this type of cloud service. It does not request modification of other skills or system-wide settings.
Assessment
This skill appears to do what it says: it uploads videos to a third-party cloud service (mega-api-prod.nemovideo.ai) and returns rendered MP4s. Before installing or using it, consider: (1) you will be uploading your video files to an external API — confirm you trust that domain and understand their privacy/retention policy; (2) the skill will use a NEMO_TOKEN if provided or obtain an anonymous token itself (100 free credits, 7-day expiry) — don't reuse a sensitive token you use for other services; (3) the SKILL.md asks the agent to read local install paths (to set attribution headers) and references a local config directory (~/.config/nemovideo/) in its frontmatter — ask the publisher why that config path is needed and whether the skill will read or write files there; (4) there's no homepage or verifiable source listed — if you require higher assurance, ask the publisher for source/docs or prefer a skill with an identifiable vendor and privacy policy.

Like a lobster shell, security has layers — review code before you run it.

latestvk9727xykr35d4z6m062a743ed984naz5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎵 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments