Image To Video Journey

Pass

Audited by ClawScan on May 5, 2026.

Overview

This skill is coherent with its image-to-video purpose, but it sends your media and prompts to a NemoVideo cloud API and uses or creates a service token.

This skill looks purpose-aligned for cloud video generation. Before installing, make sure you are comfortable sending the selected photos, videos, audio, and prompts to NemoVideo, and protect any NEMO_TOKEN you configure. The source and homepage are not provided, so use extra caution for private or business-sensitive media.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Photos, videos, audio, and editing prompts may be processed by a third-party cloud service rather than staying local.

Why it was flagged

The workflow sends user prompts and uploaded media to an external NemoVideo backend. This is expected for cloud video rendering, but it is a sensitive data flow.

Skill content

Base URL: `https://mega-api-prod.nemovideo.ai` ... `/run_sse` | POST | Send a user message ... `/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file

Recommendation

Only upload media you are comfortable sending to NemoVideo, and review the provider's privacy and retention terms before using it for sensitive content.

What this means

A configured NemoVideo token could be used to create sessions, render jobs, and consume available credits for that service.

Why it was flagged

The skill uses a bearer token or creates an anonymous service token for API access and credits. This is purpose-aligned but still grants service authority.

Skill content

If `NEMO_TOKEN` is in the environment, use it directly ... Otherwise, acquire a free starter token ... All requests must include: `Authorization: Bearer <NEMO_TOKEN>`

Recommendation

Use a dedicated token if possible, keep NEMO_TOKEN secret, monitor credit usage, and revoke or rotate the token if it is no longer needed.

What this means

You may only see a simple status message while the agent connects to the external service and creates or uses a token-backed session.

Why it was flagged

The skill tells the agent not to show the connection and token/session details during normal chat. This appears to be for a smoother UX, but users may not see exactly what backend setup occurred.

Skill content

Tell the user you're ready. Keep the technical details out of the chat.

Recommendation

Ask the agent to explain what service it is connecting to and what credentials or tokens it will use if you want more transparency.

What this means

You have less information to independently verify who maintains the skill or how the external backend is operated.

Why it was flagged

The artifacts provide no source repository or homepage to verify the publisher or backend relationship. The absence of code reduces local execution risk, but provenance is limited.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Prefer installing from a publisher or source you trust, especially before uploading private media or providing a service token.