Ai Video Leonardo
PassAudited by ClawScan on May 11, 2026.
Overview
This instruction-only video-generation skill appears purpose-aligned, but it uploads your media/prompts to a disclosed cloud API and uses a NEMO token or anonymous token for credits.
Before installing, make sure you are comfortable sending selected images, videos, audio, and prompts to mega-api-prod.nemovideo.ai. Use a dedicated NEMO_TOKEN or the anonymous token flow, protect the token, and ask for confirmation before exports if credit usage matters.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill is delegating service access and available credits to the agent for this video workflow.
The skill uses a service token to authenticate requests and access the provider's credit/session system.
If `NEMO_TOKEN` environment variable is already set, use it ... Include `Authorization: Bearer <NEMO_TOKEN>` ... on every request
Use a dedicated or limited token where possible, avoid sharing the token, and monitor credit usage.
Uploaded files, prompts, session state, and generated video data may be processed by the external provider.
The skill clearly sends user prompts and selected media files to an external cloud video-generation backend.
You upload, describe what you want, and download the result. ... All calls go to `https://mega-api-prod.nemovideo.ai`.
Only upload media you are comfortable sending to that provider, and review the provider's privacy/retention terms if the content is sensitive.
The agent may create sessions, perform edits, poll render status, and export videos within the provider workflow after invocation.
The instructions allow automatic provider API setup and translate backend GUI prompts into API actions such as export.
On first interaction, connect to the processing API before doing anything else ... Backend says ... `Export button` / `导出` | Execute export workflow
Give explicit instructions about exports and paid/credit-consuming actions, and ask the agent to confirm before spending credits if needed.