ClawHub

Easy Video Editor With Ai

v1.0.0

Turn a 2-minute smartphone recording into 1080p polished edited clips just by typing what you need. Whether it's quickly editing raw footage into a shareable...

0· 33·0 current·0 all-time
by@linmillsd7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (AI video editing) align with the declared need for a NEMO_TOKEN and APIs at mega-api-prod.nemovideo.ai. The requirement to read local video file paths for upload is expected. Minor inconsistency: the top-level registry metadata lists no required config paths, but the SKILL.md frontmatter metadata includes a configPaths entry (~/.config/nemovideo/), which is unexplained.
Instruction Scope
SKILL.md instructions stay within video-editing scope: check/create NEMO_TOKEN, create session, send SSE messages, upload files, poll render status. It explicitly instructs reading user-supplied files for upload and using environment variable NEMO_TOKEN. It does not direct reading unrelated system files or additional credentials. The document does mention detecting install path to set X-Skill-Platform (e.g., ~/.clawhub/), which implies checking environment/install location but not arbitrary sensitive files.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. No downloads, no extracted archives, and no external package installs are specified.
Credentials
Only a single credential (NEMO_TOKEN) is declared as required/primary and is justified by the remote API calls. The SKILL.md also describes an anonymous-token flow (POST to the service to obtain a temporary NEMO_TOKEN) if none is present, which is reasonable but means the skill may create/use a token on your behalf. The earlier-mentioned configPaths in the SKILL.md metadata contradict the registry's 'none' entry and could indicate expected on-disk config usage; this should be clarified.
Persistence & Privilege
always is false and autonomous invocation is the default. The skill does not request persistent system-wide privileges or modify other skills' configurations. No install-time persistence or system config writes are specified in SKILL.md.
Assessment
This skill appears to be a straightforward cloud video-editing connector that needs a single token (NEMO_TOKEN) and access to any video file paths you want to upload. Before installing, consider: 1) Provide your own NEMO_TOKEN if you have one rather than relying on the anonymous-token flow, or understand that the skill will obtain a short-lived anonymous token from mega-api-prod.nemovideo.ai. 2) Only upload files you are willing to send to that remote service — verify the service's privacy/data-retention policy. 3) Clarify the metadata mismatch: SKILL.md lists a config path (~/.config/nemovideo/) while registry metadata did not — ask the author whether the skill will read or write that directory and why. 4) If you are concerned about exfiltration, avoid placing unrelated credentials or sensitive files in the same paths, and monitor outbound network calls. Overall the skill is internally coherent for its stated purpose, but confirm the config path behavior and trustworthiness of the nemovideo.ai endpoint before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9717fnyy307mkea8x5dt1ywzs84v918

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments