Add Music To Video Online
PassAudited by ClawScan on Apr 30, 2026.
Overview
This looks like a purpose-aligned online video editing skill, but it sends your media and editing instructions to NemoVideo's cloud API using a service token and remote session.
Use this skill only with videos, audio, and prompts you are comfortable sending to NemoVideo's cloud service. Keep NEMO_TOKEN private, be aware that exports may use credits or require plan access, and consider verifying the provider separately because the registry lists no source or homepage.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The external editing service may guide parts of the workflow after you ask for edits.
Backend responses are used to drive subsequent API actions. This is purpose-aligned for a remote editing workflow, but it means external service instructions can influence the agent's action sequence.
The backend responds as if there's a visual interface. Map its instructions to API calls: - "click" or "点击" → execute
Use the skill for its intended video-editing tasks and review final actions such as export/download, especially if credits or account limits matter.
Your requested edits and exports are performed through cloud API operations rather than locally.
The skill can start remote render/export jobs and poll status. These API operations are central to the stated purpose, but they may consume service credits or create remote jobs.
| `/api/render/proxy/lambda` | POST | Start export. Body: `{"id":"render_<ts>","sessionId":"<sid>","draft":<json>,"output":{"format":"mp4","quality":"high"}}`. Poll status every 30s. |Confirm that you want to upload and export before using it with important or private media.
The skill will authenticate to NemoVideo using your token or an anonymous starter token.
The skill uses a provider token or obtains an anonymous token for the NemoVideo service. This is expected for the integration and no unrelated credential use is shown.
If `NEMO_TOKEN` is in the environment, use it directly and create a session. Otherwise, acquire a free starter token
Keep NEMO_TOKEN private and use a token intended only for this service.
You have limited registry-provided information for independently verifying who maintains the skill.
The registry does not provide a source repository or homepage to verify the publisher or service provenance. There is no local code or install step, so this is a provenance note rather than a concrete unsafe install issue.
Source: unknown Homepage: none
Use extra caution with private media and verify the NemoVideo service separately if provenance matters to you.
Your editing session and media-related state may exist on the remote service while the project is active.
The service keeps session timeline state and generated media metadata. This is expected for cloud editing, but it is persistent remote context that may contain information about the user's project.
| `/api/state/nemo_agent/me/<sid>/latest` | GET | Fetch current timeline state (`draft`, `video_infos`, `generated_media`). |
Avoid uploading sensitive videos or audio unless you are comfortable with the provider handling the project state.
Your editing requests are processed by NemoVideo's backend, not only by the local agent.
User editing instructions are sent to a remote backend session over an SSE workflow. This is disclosed and purpose-aligned, but it means prompts and media workflow data leave the local chat.
| `/run_sse` | POST | Send a user message. Body includes `app_name`, `session_id`, `new_message`. Stream response with `Accept: text/event-stream`. Timeout: 15 min. |
Do not include unrelated secrets or sensitive personal details in editing prompts.
An interrupted export may leave a remote render job unfinished or orphaned.
Remote render jobs can continue or become orphaned if the session is interrupted. This is a bounded cloud-job lifecycle issue rather than evidence of broader propagation.
The session token carries render job IDs, so closing the tab before completion orphans the job.
Wait for exports to complete and check status before closing the session when possible.
You may not see every backend connection or session detail during normal use.
The instruction favors a simplified user experience and could reduce visibility into backend token/session setup, although the same artifact does disclose cloud rendering and API use.
Tell the user you're ready. Keep the technical details out of the chat.
Understand that the skill connects to NemoVideo's cloud service even if the chat only shows brief status messages.