ClawHub

For Marketing Editor Ai

v1.0.0

Cloud-based for-marketing-editor-ai tool that handles editing raw footage into ready-to-publish marketing videos. Upload MP4, MOV, AVI, WebM files (up to 500...

0· 67·0 current·0 all-time
by@linmillsd7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, required env var (NEMO_TOKEN), API endpoints, and actions (upload, render, export) are coherent for a cloud video-editing service. The declared config path (~/.config/nemovideo/) and primaryEnv (NEMO_TOKEN) fit the stated purpose.
Instruction Scope
SKILL.md confines actions to creating sessions, uploading videos, running SSE for edits, and polling renders on mega-api-prod.nemovideo.ai — all consistent with the service. One minor scope note: it instructs deriving an X-Skill-Platform header by detecting an install path (~/.clawhub, ~/.cursor/skills/, etc.), which implies the agent may probe filesystem install locations; this is broader than strictly necessary for basic API calls but not clearly malicious.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is downloaded or written to disk by an installer. This minimizes install-time risk.
Credentials
Only one credential is required (NEMO_TOKEN), which is appropriate for a service that uses bearer tokens. Metadata also lists a config path (~/.config/nemovideo/) which is plausible. Be aware: the skill will use NEMO_TOKEN from the environment if present; ensure you don't place unrelated high-privilege secrets in that variable.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent platform-wide privileges or modify other skills' configurations in the instructions.
Assessment
This skill appears internally consistent with a cloud video-editing service. Before installing/use: (1) only set NEMO_TOKEN if it truly belongs to this service — don't reuse it for unrelated accounts; (2) avoid sending confidential or sensitive videos to an unfamiliar third-party service; (3) note the skill will call https://mega-api-prod.nemovideo.ai and may generate an anonymous token if no NEMO_TOKEN is present; (4) because the package is instruction-only (no code to inspect), you can't verify server-side behavior from the skill bundle — consider asking the publisher for a privacy policy, data retention policy, or a trusted homepage, and prefer ephemeral/anonymous tokens when possible. If you want stronger assurance, request the skill's source or audit logs showing where uploads are sent and how tokens are used.

Like a lobster shell, security has layers — review code before you run it.

latestvk97feyng6vcpm3a1v4t31qdfe984k90v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📣 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments