Compressor Youtube
Review
Audited by ClawScan on Apr 30, 2026.
Overview
This skill appears purpose-aligned for cloud video compression, but users should know it uploads videos to a NemoVideo backend and uses a Nemo token/session.
This skill is reasonable to use if you are comfortable uploading your video files to the NemoVideo cloud service and using a NEMO_TOKEN for processing. Avoid sending confidential videos unless you trust the provider, keep your token private, and review the compressed output before posting.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Backend responses may cause the agent to take additional workflow steps without restating every action to the user.
The skill treats certain backend text responses as triggers for follow-up API actions. This is a limited control handoff to the integrated backend, but it is described as part of the intended video workflow.
Backend says | "click [button]" / "点击" | Execute via API
Use the skill for intended video tasks and ask for confirmation before any unexpected upload, edit, or export action.
Videos or URLs provided to the skill can be sent to the remote service and processed into downloadable outputs.
The skill can upload user-provided files or URLs and start server-side render/export jobs. These are normal tools for a video compression skill, but they are high-impact enough for users to notice.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"` ... Export ... POST `/api/render/proxy/lambda`
Only provide media you intend to upload for processing, and verify the requested action before exporting or sharing output links.
The token may grant access to the user's NemoVideo session, credits, and render jobs.
The skill uses a bearer token, either from the environment or an anonymous-token endpoint, to authenticate to the NemoVideo API. This is expected for the disclosed cloud service and no artifact shows token logging or unrelated use.
Check if `NEMO_TOKEN` is set... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... `Authorization: Bearer <token>`
Keep NEMO_TOKEN private, avoid sharing logs that contain it, and rotate or remove it if you no longer use the service.
Users have less information for independently verifying the publisher or service provenance.
The skill has limited public provenance metadata. There is no local install script or code in the provided artifacts, so this is a provenance note rather than evidence of unsafe installation behavior.
Source: unknown; Homepage: none
Review the service domain and publisher before trusting it with important or private videos.
Session state may retain information about uploaded videos, drafts, generated media, and render jobs.
The skill maintains a session identifier and later queries session state containing draft and media information. This is expected for a multi-step render workflow, but it means remote context persists across requests.
Store the returned `session_id` for all subsequent requests.
Avoid uploading sensitive media unless you trust the remote service, and clear sessions or tokens when finished if the platform provides that option.
Uploaded videos leave the local environment and are processed by the remote provider.
The skill sends user media to an external backend named nemo_agent for processing. The endpoint and bearer-token authorization are disclosed, making this purpose-aligned, but it is still a data boundary users should understand.
The AI video compression runs on remote GPU nodes — nothing to install on your machine... Upload: POST `/api/upload-video/nemo_agent/me/<sid>`
Do not upload private, regulated, or confidential videos unless you are comfortable with the provider's handling of that data.
A started render may become difficult to monitor or recover if the session is closed mid-job.
A render job can continue or become untracked after the local session is interrupted. This is disclosed and contained to the remote render workflow.
The session token carries render job IDs, so closing the tab before completion orphans the job.
Keep the session open until completion when possible, and record output or job information if the service exposes it.
Users may expect larger file support or higher quality preservation than the service reliably provides.
The instructions contain a size-limit inconsistency and marketing-style claims such as compression without losing quality. This is not evidence of malicious behavior, but users should verify actual limits and output quality.
Upload your large video files ... up to 500MB ... A quick example: upload a 1.2GB YouTube vlog
Check file-size limits and review compressed output before relying on it for publishing.
