Trimmer Flutter
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NemoVideo may receive a generated client identifier and session setup request when the skill is opened.
The skill initiates a backend connection on first use. This is disclosed and purpose-aligned, but users should know it creates a remote session before media editing begins.
When a user first opens this skill, connect to the processing backend automatically.
Use the skill only if you are comfortable with automatic setup against the NemoVideo backend.
Anyone with the token could potentially use the associated NemoVideo session or credits.
The skill uses an API bearer token for all provider requests. This is expected for a cloud rendering service, but the token is still a credential.
Include `Authorization: Bearer <NEMO_TOKEN>` and all attribution headers on every request
Protect NEMO_TOKEN, avoid sharing logs that contain it, and rotate or let it expire if you no longer trust the environment.
Uploaded videos, images, audio, URLs, and edit prompts may be processed by NemoVideo.
The skill sends user-selected media to a third-party processing API. This is central to the stated cloud video-editing purpose, but it crosses a data boundary.
`/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file (multipart) or URL.
Do not upload private or sensitive footage unless you trust NemoVideo’s handling of that data.
Users have less external information for verifying who maintains the skill or the service it relies on.
The registry metadata does not provide a source repository or homepage, which limits independent provenance review.
Source: unknown; Homepage: none
Verify the service domain and publisher trust before uploading valuable or sensitive media.