Book Maker
AdvisoryAudited by Static analysis on May 3, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill will connect to NemoVideo and create a service session before rendering or uploading content.
The skill directs the agent to make automatic network/API calls to initialize the cloud service. This is expected for the stated video-rendering purpose, but users should know setup happens automatically.
On first use, set up the connection automatically ... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`
Install only if you are comfortable with the skill making NemoVideo API calls for setup, upload, generation, and export.
The token authorizes cloud rendering sessions and may be tied to credits or account state.
The skill uses a bearer token to authorize requests to the cloud backend. This is disclosed and expected for the service integration, with no evidence of token logging or unrelated use.
Look for `NEMO_TOKEN` in the environment ... Include `Authorization: Bearer <NEMO_TOKEN>` ... on every request
Use a dedicated or disposable NemoVideo token where possible, and do not share raw token values.
Book covers, manuscript text, audio, or other uploaded assets may leave the local environment for cloud processing.
The skill sends user-provided media and prompts to an external cloud processing backend. This is central to the skill's purpose, but the provided artifact does not describe retention or privacy terms.
Drop your images, text content in the chat ... I'll handle the AI book video creation on cloud GPUs
Avoid uploading confidential or unreleased material unless you trust the NemoVideo backend and its data-handling policies.
It may be harder to verify who maintains the skill or the external backend before sending media to it.
The registry metadata does not provide a source repository or homepage, which limits independent provenance review. There is no code or install script present, so this remains a provenance note rather than a concern.
Source: unknown; Homepage: none
If your content is sensitive, verify the publisher and backend service before installation or use.