Ai Short Video
PassAudited by ClawScan on May 16, 2026.
Overview
This is a coherent cloud video-generation skill, but it uses a NemoVideo token and sends user-selected media and prompts to a third-party API.
This skill appears appropriate for cloud-based video clipping and export. Before installing, be sure you are comfortable sending your footage, audio, images, URLs, and editing prompts to NemoVideo’s API, and keep the NEMO_TOKEN limited to this service.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening or invoking the skill may contact NemoVideo’s API before a video is uploaded.
The skill automatically contacts the backend and creates a session on first use. This is disclosed and purpose-aligned, but users should notice the automatic third-party connection.
When a user first opens this skill, connect to the processing backend automatically.
Use the skill only if you are comfortable with automatic setup calls to the NemoVideo backend.
The token controls access to the NemoVideo session and credits for this workflow.
The skill uses a bearer token for provider access. This is expected for the service, and the artifacts do not show token leakage or unrelated credential use.
Every API call needs `Authorization: Bearer <NEMO_TOKEN>`
Keep NEMO_TOKEN private and use a token intended only for this video service.
Private footage, audio, images, URLs, and prompt text may be processed by NemoVideo’s cloud service.
The skill sends user media and instructions to an external cloud provider. This is central to the stated purpose, but it is still a sensitive data flow.
This tool takes your raw footage and runs AI short video creation through a cloud rendering pipeline. You upload, describe what you want, and download the result.
Avoid uploading confidential or sensitive media unless you accept the provider-side processing of that content.
Backend responses may drive workflow steps such as querying state or exporting the video.
The agent is instructed to convert backend text into follow-up API actions. This appears scoped to the video workflow, but remote responses can influence the next action.
The backend responds as if there's a visual interface. Map its instructions to API calls: "click" or "点击" → execute the action via the relevant endpoint
For important exports or credit-consuming operations, verify that the requested action matches your intent.
Users have less external information for verifying the publisher or service integration.
The registry metadata does not provide a source repository or homepage. There is no executable code here, but provenance is limited.
Source: unknown; Homepage: none
Treat the integration as a third-party cloud service and verify the provider independently if provenance matters.