Video Transcription Tool

Advisory

Audited by Static analysis on May 6, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private video, audio, and prompt content may leave the user's environment for cloud transcription and rendering.

Why it was flagged

The skill clearly sends user video files and prompts to a third-party cloud API for processing.

Skill content

This skill connects to a cloud processing backend... You upload, describe what you want, and download the result. ... All calls go to `https://mega-api-prod.nemovideo.ai`.

Recommendation

Use the skill only with media you are comfortable uploading to the NemoVideo backend, and check the provider's privacy and retention terms before using sensitive recordings.

What this means

Anyone with the token may be able to use the associated NemoVideo session or credits, depending on the service's token scope.

Why it was flagged

The skill uses a bearer token for all backend calls; this is expected for the service and the instructions include a token-handling safeguard.

Skill content

Every API call needs `Authorization: Bearer <NEMO_TOKEN>`... Don't expose tokens or raw API output.

Recommendation

Use a dedicated or low-privilege NEMO_TOKEN if available, avoid sharing logs that may contain headers, and monitor credit usage.

What this means

Ambiguous prompts could result in edits or renders being sent to the cloud backend, though this is consistent with the tool's purpose.

Why it was flagged

The skill exposes a broad remote editing/rendering workflow through the backend, including export actions that may consume credits.

Skill content

"Everything else (generate, edit, add BGM…)" → "§3.1 SSE" ... "Export" or "导出" → run the export workflow

Recommendation

Give clear instructions and confirm important operations such as exports, credit-consuming renders, or edits to important media.

Note
High Confidence
ASI10: Rogue Agents
What this means

A render job may continue on the backend after the user stops interacting, potentially leaving work unfinished or credits tied up.

Why it was flagged

Cloud render jobs can continue or become detached from the active session, which is a limited persistence behavior.

Skill content

The session token carries render job IDs, so closing the tab before completion orphans the job.

Recommendation

Wait for exports to complete when possible and check job or credit status after interruptions.

What this means

Users have less public information to verify who operates or maintains the integration.

Why it was flagged

The registry metadata does not provide a source repository or homepage, which limits provenance verification for a skill that connects to an external backend.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the publisher and the nemovideo.ai service before uploading sensitive files or using paid credits.