ClawHub

Image To Video Leaderboard

v1.0.0

Get animated video clips ready to post, without touching a single slider. Upload your static images (JPG, PNG, WEBP, HEIC, up to 200MB), say something like "...

0· 47·0 current·0 all-time
by@imo14reifey
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (compare and run image→video models) map directly to the runtime instructions (upload images, request render/export endpoints). The only declared environment credential is NEMO_TOKEN, which is exactly what's needed to authenticate to the described backend API.
Instruction Scope
SKILL.md confines actions to the nemovideo API (session creation, SSE chat, upload, export, credits/state). It explicitly instructs not to print tokens/raw JSON. It does require reading the NEMO_TOKEN env var if present and saving a session_id. One minor inconsistency: frontmatter metadata mentions a config path (~/.config/nemovideo/) but the registry summary showed 'Required config paths: none'—clarify whether the agent will read/write that path (likely for caching sessions). Otherwise instructions don't ask to access other unrelated system files or secrets.
Install Mechanism
No install spec or code files are present (instruction-only). No downloads, packages, or binaries are installed, so there's no install-time code execution risk.
Credentials
Only NEMO_TOKEN is required (declared as primaryEnv). The skill also documents an anonymous-token flow (POST with a generated UUID) so a user can avoid supplying a personal token. This is proportionate. Recommend using an ephemeral/anonymous token for untrusted contexts and be cautious about using a long-lived personal token if you don't trust the backend.
Persistence & Privilege
always is false and the skill is user-invocable; it doesn't request permanent agent-level privileges. The possible use of ~/.config/nemovideo/ (per frontmatter) may imply local caching; confirm whether it will write there, but there is no evidence it tries to modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it uploads images and talks to a third-party rendering API at mega-api-prod.nemovideo.ai using a Bearer token. Before installing or using: (1) Confirm whether the skill will read/write ~/.config/nemovideo/ (frontmatter vs registry summary conflict). (2) Prefer the anonymous-token flow for one-off use instead of providing a personal NEMO_TOKEN. (3) Only upload images you’re comfortable sharing with the service (images and resulting videos are sent to their cloud). (4) Review the service domain and privacy/retention policy if available. (5) If you must supply a long-lived token, consider scoping or rotating it and revoke it if you stop using the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97as9jhxwx62g35czdb42gg6n84s62m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏆 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments