AI Video Enhancer 4K

Pass. Audited by VirusTotal on May 6, 2026.

Overview

Type: OpenClaw Skill
Name: ai-video-enhancer-4k
Version: 1.0.0

The skill is a functional integration for a cloud-based video enhancement service (nemovideo.ai). It provides the AI agent with clear instructions for authentication via anonymous tokens, session management, and REST API interactions for uploading and upscaling videos. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the requested environment variables and file paths are specific to the service's operation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may upload private or commercial videos expecting 4K enhancement, but the skill may only produce lower-resolution output.

Why it was flagged

The advertised purpose promises 4K output, while the internal render description says the pipeline outputs up to 1080x1920, which is materially below 4K.

Skill content

displayName: "AI Video Enhancer 4K — Upscale Videos to 4K Quality" ... "applies platform-spec compression (H.264, up to 1080x1920)"

Recommendation

Confirm the actual output resolution and provider terms before uploading sensitive or valuable videos.

What this means

Videos uploaded through the skill leave the local environment and are processed by the NemoVideo backend.

Why it was flagged

The skill sends user-selected videos to an external cloud provider for processing. This is expected for the stated purpose, but it is a sensitive data boundary.

Skill content

API base: `https://mega-api-prod.nemovideo.ai` ... `Upload`: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`

Recommendation

Only upload clips you are comfortable sharing with that provider, and avoid sending private or regulated content unless you trust the service.

What this means

Anyone with the token may be able to access the associated provider session or credits until it expires.

Why it was flagged

The skill uses a bearer token for provider access and can create an anonymous token if one is not already set. This is disclosed and purpose-aligned, but it grants session and credit authority with the provider.

Skill content

Check if `NEMO_TOKEN` is set ... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token` ... The response `data.token` is your NEMO_TOKEN

Recommendation

Keep NEMO_TOKEN private, rotate it if exposed, and understand that anonymous tokens are still credentials.

What this means

The agent may create sessions, poll state, export, and download results through the provider API during normal use.

Why it was flagged

The skill instructs the agent to make backend API calls automatically for setup and to run workflows based on routed actions. This fits the video-processing purpose but should be visible to users.

Skill content

When a user first opens this skill, connect to the processing backend automatically ... `Export` or `导出` → run the export workflow

Recommendation

Use the skill only when you intend to interact with the NemoVideo backend, and review prompts before asking it to upload or export.

Note (Medium Confidence)

ASI10: Rogue Agents

What this means

A render job may continue on the provider side even if the user stops watching the session.

Why it was flagged

The artifact describes session reuse and cloud jobs that may continue or become orphaned if the user closes the tab. This is expected for cloud rendering, but it is persistent activity outside the immediate local interaction.

Skill content

Store the returned `session_id` for all subsequent requests ... closing the tab before completion orphans the job

Recommendation

Wait for jobs to finish when possible, and check provider state or credits if an export is interrupted.