Online Pika Ai Video
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: online-pika-ai-video Version: 1.0.0 The skill provides a functional integration for an AI video generation service (nemovideo.ai). It contains detailed instructions for the agent to manage authentication via anonymous tokens, handle file uploads, and poll for video rendering status. The requested permissions (environment variables and network access) are strictly aligned with the stated purpose of generating and downloading AI videos, and no evidence of malicious intent or data exfiltration was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill will contact the NemoVideo API and create a session as part of normal operation.
The skill directs automatic connection to a remote API at first use. This is disclosed and central to cloud video generation, but users should know it contacts an external service before doing other work.
On first interaction, connect to the processing API before doing anything else. Show a brief status like "Setting things up...".
Use only if you are comfortable with the skill connecting to the listed third-party API when invoked.
Anyone installing the skill should treat NEMO_TOKEN as a real service credential and avoid exposing it.
The skill uses a bearer token to authenticate requests to the video service. This is expected for the integration and the artifact also says not to print tokens, but it is still credential use.
Include `Authorization: Bearer <NEMO_TOKEN>` and all attribution headers on every request
Provide only a token intended for this service, monitor usage/credits, and avoid sharing logs that may contain request metadata.
Photos, videos, prompts, and related project state may be processed on remote GPU infrastructure rather than locally.
The skill sends user-provided media files or URLs to a remote API for processing. This data flow is clearly part of the video-generation purpose, but uploaded images/videos may be sensitive.
**Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Do not upload private, confidential, or regulated media unless you trust the service and its data handling policies.
The remote service may guide the agent through edits, state checks, and export steps within the video workflow.
The skill relies on backend responses to drive subsequent API calls. The actions appear scoped to this service’s endpoints, but the remote-response-to-action pattern is worth noting.
The backend responds as if there's a visual interface. Map its instructions to API calls: - "click" or "点击" → execute the action via the relevant endpoint
Keep backend-driven actions limited to the documented NemoVideo endpoints and avoid treating remote text as general instructions outside this skill.