ClawHub

Blue Picture Video Editor App

v1.0.3

The blue-picture-video-editor-app skill brings conversational video editing directly into your ClawHub workflow. Trim clips, adjust color grading, apply tran...

0· 115·0 current·0 all-time
by@imo14reifey
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's declared primary credential (NEMO_TOKEN) and its use of ~/.config/nemovideo/client_id are appropriate for a cloud video-editing service. Minor metadata inconsistency: the skill declares a primaryEnv (NEMO_TOKEN) but the 'requires.env' list is empty in the embedded metadata; this is likely an authoring oversight and not functionally harmful.
Instruction Scope
Runtime instructions explicitly read/write ~/.config/nemovideo/client_id, generate/use a client UUID, and call nemovideo API endpoints via curl (including anonymous-token acquisition and upload/export endpoints). These actions are within scope for a cloud video editor, but they do mean user media and editing commands will be transmitted to an external service.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk beyond the explicitly documented client_id persistence. This is the lowest-risk install model.
Credentials
The skill only needs a NEMO_TOKEN (and optional NEMO_API_URL/NEMO_WEB_URL/NEMO_CLIENT_ID). That is proportionate to its stated cloud-hosted editing function. However, it will set/use NEMO_TOKEN for the session and persist a non-secret client_id under ~/.config/nemovideo/, and user video files will be uploaded to the external API — a privacy/credential consideration rather than a functional mismatch.
Persistence & Privilege
The skill does not request always:true or system-wide privileges. The only persistent modification described is creating ~/.config/nemovideo/client_id (a UUID). It does not modify other skills or global agent settings in the provided instructions.
Assessment
This skill appears to be what it says: a cloud-backed video editor that uses NEMO_TOKEN and persists a local client_id. Before installing, consider: 1) Your videos and edit instructions will be uploaded to nemovideo's API — review their privacy policy and retention rules if you will upload sensitive footage. 2) The skill will persist a UUID at ~/.config/nemovideo/client_id; that file is non-secret but identifies your client to the service. 3) The skill may store a session NEMO_TOKEN in its runtime environment; confirm that tokens are not written to other persistent places you don't expect. 4) The metadata contains a small inconsistency (primaryEnv present but not listed in requires.env) — benign but worth checking the publisher docs/repo to ensure there are no undocumented behaviors. If you need stronger isolation, run the skill in a sandboxed environment, avoid sending sensitive videos, or verify network traffic (or vendor source code) before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e4aq0cme530fm55dkz8bxc183qsxn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
Primary envNEMO_TOKEN

Comments