Video Compressor For Discord
v1.0.0Get compressed Discord-ready videos ready to post, without touching a single slider. Upload your video files (MP4, MOV, AVI, WebM, up to 500MB), say somethin...
⭐ 0· 18·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, declared primary credential (NEMO_TOKEN), and all runtime endpoints target the same nemo-video cloud service (mega-api-prod.nemovideo.ai). Nothing in the instructions asks for unrelated credentials or system-level access, so the requested access aligns with the described cloud-based video-compression purpose.
Instruction Scope
The SKILL.md instructs the agent to check for NEMO_TOKEN, create a session, upload user video files, stream SSE messages, and poll export status — all expected for a cloud render pipeline. Important user-impact: video files and session tokens are sent to external servers, and the skill will obtain an anonymous token via an HTTP POST if no token exists. The skill also describes detecting an install path to set an attribution header (reads agent/install path), which is minor but worth noting because it implies inspecting the agent environment.
Install Mechanism
There is no install spec and no code files — instruction-only skill — so nothing is downloaded or written to disk by an installer. This is the lowest-risk install posture.
Credentials
Requesting a single service token (NEMO_TOKEN) is proportionate for a cloud API. Minor inconsistency: registry metadata shown to you earlier lists no required config paths, while the SKILL.md frontmatter includes a configPaths entry (~/.config/nemovideo/). It's unclear whether the skill will read/write that path. Also note the skill will try to obtain an anonymous token from the provider if NEMO_TOKEN is not present — this is useful but means the agent will contact the external auth endpoint and receive a token with credits and expiry.
Persistence & Privilege
always:false (no forced global inclusion); the skill does not request persistent, system-wide modifications or elevated privileges. It stores/uses session IDs for job management as expected for a remote-render service.
Assessment
This skill appears to do what it says: it uploads your video files to nemo's cloud rendering service and uses a single service token (NEMO_TOKEN) or an anonymous short-lived token it fetches. Before installing/using it, consider: 1) You will be uploading potentially sensitive video/audio to https://mega-api-prod.nemovideo.ai — confirm you trust the provider and understand their privacy/storage policy. 2) You can supply your own NEMO_TOKEN to control which account is used; otherwise the skill will request an anonymous token from the provider (100 free credits, 7-day expiry). 3) There is a small metadata mismatch: the registry showed no required config paths but the SKILL.md mentions ~/.config/nemovideo/ — ask the publisher whether the skill reads/writes that path if this matters. 4) Because this is instruction-only, no code is installed locally, but the agent will send files and tokens over the network. If you need stronger guarantees (end-to-end control or privacy), avoid sending sensitive content to the service.Like a lobster shell, security has layers — review code before you run it.
latestvk973rxrss3vyrgeqe5qb96hkp584p8x0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎮 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN