Generator Hitler
AdvisoryAudited by Static analysis on May 3, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the token could potentially use the associated NemoVideo session or credits.
The skill requires and uses a bearer token for the video-generation service. This is expected for the integration, but the token grants access to the user's service session or credits.
Check if `NEMO_TOKEN` is set in the environment... Include `Authorization: Bearer <NEMO_TOKEN>` ... on every request
Store NEMO_TOKEN as a secret, avoid sharing logs that include headers, and rotate or replace the token if it may have been exposed.
Text prompts and uploaded files may be processed by the third-party backend rather than staying local.
The skill sends prompts and user-provided media to an external cloud provider for generation and rendering. This is disclosed and purpose-aligned, but it is an external data boundary.
**API base**: `https://mega-api-prod.nemovideo.ai` ... **Send message (SSE)** ... `new_message` ... **Upload** ... `files=@/path`, or URL
Do not upload private, confidential, or regulated material unless you trust the provider and understand its data handling terms.
Users have less information to verify who operates the service or how it is maintained.
The skill relies on a remote backend, but the registry information does not provide a source repository or homepage for independent provenance review.
Source: unknown; Homepage: none
Review the provider and domain before sending sensitive prompts or files, and prefer documented official sources when available.