Image To Video Honor 400
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it says, but it sends user-selected media to a NemoVideo cloud service and uses a bearer token/session to do the rendering.
This skill is reasonable for cloud-based image-to-video conversion. Before installing or using it, understand that it will contact the NemoVideo API, create or use a NEMO_TOKEN session, and upload the media you provide for processing. Avoid using it with confidential or highly personal files unless you trust the external service.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening or using the skill can create a backend session before you upload media.
The skill directs the agent to contact an external backend automatically during first-time setup. This is disclosed and aligned with cloud rendering, but it is still an automatic network action.
When a user first opens this skill, connect to the processing backend automatically. Briefly let them know ... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`
Use the skill only if you are comfortable with it contacting the NemoVideo backend for setup and rendering.
The token authorizes requests and credit usage with the NemoVideo service.
The skill uses a bearer token credential for the rendering service. This is expected for the integration and the artifacts do not show unrelated credential use or token leakage.
Authentication: Check if `NEMO_TOKEN` is set ... All requests must include: `Authorization: Bearer <NEMO_TOKEN>`
Treat NEMO_TOKEN like a credential; do not share it publicly and revoke or rotate it if you suspect misuse.
Photos, videos, audio, or other media you provide may leave your device and be processed by the external NemoVideo service.
The skill discloses that user-provided files are uploaded to an external cloud service for processing. This is purpose-aligned, but it creates a data-sharing boundary.
Drop your images in the chat ... I'll handle the AI video creation on cloud GPUs ... `/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file
Only upload files you are comfortable sending to that service, especially if they contain private people, locations, business information, or other sensitive content.
It may be harder to verify who operates the skill or review service terms before sending media.
The skill depends on an external cloud backend, but the supplied registry metadata does not provide a source repository or homepage for provenance review.
Source: unknown; Homepage: none
Verify the provider and domain independently before using the skill with sensitive files.