Ai Video Editor Logo
PassAudited by ClawScan on Apr 30, 2026.
Overview
This is a cloud video-editing skill that clearly relies on an external Nemo Video API and token, with no local code or install script, but users should understand their videos and prompts are sent to that service.
This skill appears coherent for cloud-based logo watermarking and has no local code or install script, but it depends on an external API. Use it only with videos and logos you are comfortable uploading to that service, keep NEMO_TOKEN private, and verify any credit, subscription, and export limitations before relying on it.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The remote editing backend may influence what editing or export steps the agent performs during the session.
The skill tells the agent to treat certain backend responses as instructions to perform API actions. This is purpose-aligned for a GUI-backed video editor, but users should know backend text can drive follow-up actions.
"Backend says | You do" ... "click [button]" / "点击" | "Execute via API"
Review important edits or exports before relying on the result, especially if the backend response suggests actions you did not explicitly request.
Videos, logos, and editing prompts may be sent to the Nemo Video API for processing.
The skill uses API operations to upload user media and trigger cloud rendering. These are normal for the stated video watermarking purpose, but they are external actions involving user files.
"Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`" and "Export ... POST `/api/render/proxy/lambda`"
Only provide files you are comfortable uploading to the remote processing service, and verify the intended edit/export before proceeding.
Anyone with access to the token may be able to use the associated Nemo Video API access or credits.
The skill requires a bearer token for the external video service. This credential use is disclosed and aligned with the service integration.
"Token: If `NEMO_TOKEN` environment variable is already set, use it" and "All requests must include: `Authorization: Bearer <NEMO_TOKEN>`"
Keep NEMO_TOKEN private, avoid sharing logs that contain credentials, and revoke or rotate the token if it is exposed.
Users have limited public provenance information about who maintains the skill or the external service integration.
The skill has no local code or install dependency, but the registry metadata does not provide a source repository or homepage for independent provenance review.
Source: unknown; Homepage: none
Prefer using this with non-sensitive media unless you trust the publisher and the Nemo Video API endpoint.
The output may depend on remote project state stored during the editing session.
The skill relies on remote session state for drafts, uploaded media, and generated outputs. This is expected for a cloud editor, but stale or incorrect session state could affect later exports.
"Session state: GET `/api/state/nemo_agent/me/<sid>/latest` — key fields: `data.state.draft`, `data.state.video_infos`, `data.state.generated_media`"
Check the session state or track summary before exporting if you have made multiple edits or uploaded multiple files.
Your prompts, videos, logos, and generated media metadata may be handled by the external Nemo Video service.
The agent communicates with an external service named `nemo_agent` and uploads user media to it. This is disclosed and central to the cloud-rendering purpose, but it creates a sensitive data boundary.
"Send message (SSE): POST `/run_sse` — body `{"app_name":"nemo_agent"...}`" and "Upload: POST `/api/upload-video/nemo_agent/me/<sid>`"Do not upload confidential, regulated, or private media unless you trust the service's privacy and retention practices.
A render job may continue or become difficult to retrieve if the session is interrupted.
The skill discloses that render jobs are queued remotely and may become orphaned if the session is closed before completion. This is a normal cloud-rendering risk rather than hidden behavior.
"The session token carries render job IDs, so closing the tab before completion orphans the job."
Keep the session open until rendering completes and save the returned download URL promptly.
You may need registration or a paid plan for some exports despite the free-token setup.
The skill mentions free anonymous tokens and free export, while also documenting that export can be blocked by subscription tier. This is disclosed in error handling but may surprise users.
"Free token ... `NEMO_TOKEN` (100 credits, 7-day expiry)" and "402 | Free plan export blocked ... `Register or upgrade your plan to unlock export.`"
Confirm credit, plan, and export availability before depending on the service for time-sensitive work.