Syntax Highlight Editor
PassAudited by ClawScan on Apr 30, 2026.
Overview
This instruction-only skill appears aligned with cloud video editing, but it sends recordings, prompts, and session data to NemoVideo's backend using a token.
Install only if you are comfortable sending code screen recordings and editing instructions to NemoVideo's cloud service; avoid recordings that show secrets, private code, credentials, or sensitive customer data.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The external editor backend may steer what editing or state actions the agent performs after a user request.
Backend responses are treated as actionable workflow instructions. This is coherent with a cloud editor integration, but users should know the remote service can influence subsequent API actions within the video-editing flow.
The backend responds as if there's a visual interface. Map its instructions to API calls: - "click" or "点击" → execute the action via the relevant endpoint
Keep backend-directed actions limited to the user's requested video task, and ask for confirmation before uploads, exports, or account-affecting steps.
A chosen recording or URL can be sent to the cloud service and rendered into downloadable output.
The skill exposes upload, SSE editing, state, credits, render, polling, and download operations against a cloud API. These are expected for video rendering, but uploads and exports should stay user-directed and scoped to intended media.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Only provide files or URLs you intend to upload, and review the requested action before starting render/export.
The token may authorize credits, sessions, uploads, and render jobs for the NemoVideo service.
The skill uses a service-specific bearer token, or obtains an anonymous starter token, to authorize sessions and render operations. This is expected for the integrated service, with no artifact evidence of unrelated credential use.
If `NEMO_TOKEN` is in the environment, use it directly and create a session. Otherwise, acquire a free starter token
Use a service-specific token, avoid sharing it in chat or logs, and understand that anonymous tokens are still account-like credentials for the backend.
Users have limited registry-provided information for independently verifying the publisher or service behind the cloud renderer.
There are no local dependencies or install scripts, but the skill's provenance information is limited while it relies on an external backend service for its core function.
Source: unknown; Homepage: none
Verify that the NemoVideo domain and publisher are trusted before uploading sensitive recordings.
Edits, media metadata, and generated outputs may persist in the cloud session and be reused during the workflow.
The backend maintains session state, drafts, uploaded video information, and generated media references. This is expected for a video editor, but prior session state can influence later exports within that session.
Session state: GET `/api/state/nemo_agent/me/<sid>/latest` — key fields: `data.state.draft`, `data.state.video_infos`, `data.state.generated_media`
Start a new session for unrelated projects and avoid mixing sensitive and non-sensitive recordings in the same session.
Your code recording and editing instructions can leave your local environment and be processed by the cloud provider.
Prompts, recordings, URLs, and render state are exchanged with an external HTTPS backend. The destination is disclosed and purpose-aligned, but retention and privacy boundaries are not described in the artifacts.
API base: `https://mega-api-prod.nemovideo.ai`; Send message (SSE): POST `/run_sse`; Upload: POST `/api/upload-video/nemo_agent/me/<sid>`
Do not upload recordings that show secrets, private source code, credentials, customer data, or unreleased information unless you trust the provider's handling of that data.
Users may not see the details of the backend connection or token/session setup unless they ask.
This appears intended as user-friendly status handling, but it can reduce transparency about token acquisition, session creation, and external API use.
Tell the user you're ready. Keep the technical details out of the chat.
Provide a simple disclosure that the skill connects to NemoVideo's cloud service and may upload provided media for rendering.
A started cloud render may continue even if the local chat or tab is closed before completion.
Render jobs can continue or become orphaned in the backend if the client exits mid-render. This is disclosed and purpose-aligned for cloud rendering, not evidence of a hidden local agent.
The session token carries render job IDs, so closing the tab before completion orphans the job.
Wait for render completion when possible, and avoid starting exports you do not intend to finish.