Music Generator Hd
PassAudited by ClawScan on May 7, 2026.
Overview
This skill is a coherent cloud music/video generator, but it sends prompts and uploaded media to a third-party NemoVideo backend and uses a Nemo token, so users should verify they trust that service.
Before installing, make sure you are comfortable sending your prompts and media files to the NemoVideo cloud API and using a NEMO_TOKEN with it. Avoid uploading confidential content unless you have verified the provider’s privacy and retention practices, and treat the token like a password.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill must provide or generate a NemoVideo token, which may allow API actions within that service session.
The skill uses a bearer token for the NemoVideo API. This is expected for the service, but it is still account/session authority that users should treat as sensitive.
Every API call needs `Authorization: Bearer <NEMO_TOKEN>`
Use a dedicated or low-privilege token if possible, avoid sharing the token, and revoke or rotate it if you stop trusting the skill or service.
Private videos, audio, images, URLs, or prompts provided to the skill may be processed by the NemoVideo cloud service.
The skill sends user prompts and uploaded media files to an external cloud backend for processing. This is aligned with the stated purpose, but it is a meaningful data-sharing flow.
**Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"` ... **Send message (SSE)**: POST `/run_sse` ... `new_message`
Only upload content you are allowed to share with the provider, and check the provider’s privacy and retention terms before using sensitive media.
The agent may perform follow-up API steps such as state queries or exports based on the backend’s responses, not only direct user wording.
The skill instructs the agent to translate backend GUI-style responses into API actions. This is part of the intended workflow, but it means service responses can trigger additional actions within the session.
`"click" or "点击" → execute the action via the relevant endpoint` ... `"Export" or "导出" → run the export workflow`
Review generated results before sharing or publishing them, and ask the agent to confirm before exports if you want tighter control.
Users have less information to verify who maintains the skill or whether the listed API endpoint is the expected provider.
The registry metadata does not identify a source repository or homepage, which limits independent verification of the service operator or skill provenance.
Source: unknown; Homepage: none
Install only if you trust the publisher and the nemovideo.ai backend; prefer skills with clear source, homepage, and provider documentation.