Video No Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent cloud video-editing skill that uploads user-selected videos to nemovideo.ai and uses a Nemo token; no artifact-backed malicious behavior was found.
Before installing, make sure you are comfortable sending selected videos to nemovideo.ai and using or creating a Nemo token. For sensitive content or paid accounts, verify the provider, monitor credits, and ask for confirmation before export or other credit-consuming actions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Videos uploaded for editing may leave the local environment and be processed by the provider.
The skill sends user-provided video content to an external cloud service for processing, which is central to its purpose but can involve private media.
Drop your video clips in the chat and tell me what you need. I'll handle the video number removal on cloud GPUs
Only upload videos you are comfortable sending to nemovideo.ai, and check the provider's privacy and retention terms if the content is sensitive.
A Nemo token may allow API use against the user's Nemo account or credit balance.
The skill uses a provider token for authenticated API access. This is expected for the service, but the token may control credits or access to provider-side sessions.
Every API call needs `Authorization: Bearer <NEMO_TOKEN>`
Use a token intended for this service, monitor credit usage, and revoke or rotate it if you stop using the skill.
Edits, exports, or credit-consuming operations could proceed as part of the backend-driven workflow if not kept aligned with the user's request.
The skill instructs the agent to translate backend UI-like responses into API actions. This is part of the documented workflow, but it means remote service responses can influence follow-up edits or exports.
Backend says | You do ... "click [button]" / "点击" | Execute via API
Ask the agent to confirm before exports or other credit-consuming actions, especially when using a paid token.
Users have less registry-provided information for verifying the provider or maintainer before uploading media.
The registry does not provide source or homepage provenance, although the skill relies on a third-party cloud API. There is no local install code shown, so this is a provenance note rather than evidence of malicious behavior.
Source: unknown; Homepage: none
Verify the service identity and terms independently before using it for sensitive or business-critical videos.