Ai Video Head Swap
v1.0.0Skip the learning curve of professional editing software. Describe what you want — swap the head in my video with a different person's face — and get head-sw...
⭐ 0· 50·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill is an instruction-only connector to a cloud rendering backend (nemovideo.ai). Declaring NEMO_TOKEN as the primary credential and referencing a nemo config path is consistent with a cloud video-processing service. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md describes network calls to the nemovideo.ai API (session creation, SSE, upload endpoints, export polling) and instructs uploading user video files — all expected for a cloud video-editing skill. The instructions do not ask the agent to read unrelated system files or exfiltrate data to domains outside the stated API host.
Install Mechanism
No install spec or third-party downloads are present (instruction-only). This minimizes code-on-disk risk; the skill performs network calls at runtime to the listed API host.
Credentials
Only NEMO_TOKEN is required, which is proportional for a cloud API client. Be aware that possession of NEMO_TOKEN (anonymous or user-provided) grants the service access to uploaded videos and account credits. The frontmatter also lists a config path (~/.config/nemovideo/); SKILL.md implies persistent session/token use but does not explicitly document where tokens are stored — this is reasonable but worth confirming.
Persistence & Privilege
always:false and the skill is user-invocable (normal). There is a minor mismatch: metadata declares a required config path (~/.config/nemovideo/) but the instructions don't clearly state whether or how the skill will write tokens or config files there. Expect some persistent session state on the service side and possibly local storage of the anonymous token or session ID.
Assessment
This skill appears to do what it says: it uploads your videos to a nemo/nemovideo cloud API and uses a NEMO_TOKEN to process and return edited files. Before using it: (1) Confirm you are comfortable uploading the video and any faces it contains to an external service (privacy/legal/consent implications). (2) Verify the API domain (mega-api-prod.nemovideo.ai) and the vendor’s privacy/retention policies; prefer a short test clip with non-sensitive content. (3) Know that the skill can auto-generate an anonymous NEMO_TOKEN by calling the service — that token grants the same upload/processing rights, so treat it like a secret and ask how/where it will be stored (frontmatter references ~/.config/nemovideo/). (4) Do not provide unrelated credentials; this skill does not require other tokens. (5) If you need stronger control, request logs/screenshots of where the token is stored or use a throwaway account/token and revoke it after testing.Like a lobster shell, security has layers — review code before you run it.
latestvk978kn28mzpr0e3zdfvgykc3th84r28m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔄 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN