Vs Editor 01

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a disclosed cloud video-editing integration that uses a NemoVideo token and uploads user-selected media for processing, with no artifact-backed evidence of malicious behavior.

This skill looks coherent for cloud-based video editing. Before installing, make sure you are comfortable sending selected media files and edit instructions to NemoVideo, using or creating a NEMO_TOKEN, and relying on an unknown-source instruction-only skill with no homepage listed.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may perform upload, edit, state-check, and export API operations as part of the editing flow.

Why it was flagged

The skill tells the agent to translate backend UI-style instructions into API actions. This is aligned with the video-editing purpose, but users should know the backend workflow can drive follow-up API calls.

Skill content

"click" or "点击" → execute the action via the relevant endpoint ... "Export" or "导出" → run the export workflow

Recommendation

Use the skill for videos you intend to process through NemoVideo, and review requested actions before asking for export or other final outputs.

ASI03: Identity and Privilege Abuse
Low
What this means

The skill will authenticate to NemoVideo on the user's behalf for cloud processing.

Why it was flagged

The skill uses a provider token and can create an anonymous service token if one is not present. This is expected for the integration and no token leakage is shown.

Skill content

Check if `NEMO_TOKEN` is set in the environment... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... The response `data.token` is your NEMO_TOKEN

Recommendation

Only install if you are comfortable using NemoVideo credentials or an anonymous NemoVideo token, and avoid sharing token values.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Uploaded videos and related edit prompts may be processed by the NemoVideo backend.

Why it was flagged

The skill sends selected video files or URLs to an external cloud API. This is central to cloud video editing and is disclosed.

Skill content

**Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`

Recommendation

Do not upload private or sensitive media unless you are comfortable with that external processing.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less publisher/source context for assessing the external service instructions.

Why it was flagged

The skill has limited provenance information, though there is also no local install code or package execution shown in the artifacts.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Confirm you trust the publisher and the NemoVideo service before using the skill with valuable or private media.