Editor Maker
PassAudited by ClawScan on May 11, 2026.
Overview
This appears to be a purpose-aligned cloud video-editing skill, but it sends selected media to NemoVideo and uses or creates a provider token.
Before installing, be comfortable with sending selected video/audio/image files to NemoVideo for cloud processing and with the skill using a NEMO_TOKEN or anonymous token that may consume provider credits.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Videos, images, audio, and edit instructions selected for the task may be uploaded to NemoVideo’s cloud service.
The skill explicitly sends user-provided media to a remote NemoVideo API for processing, which is purpose-aligned but creates an external data flow.
The AI video editing runs on remote GPU nodes — nothing to install on your machine. ... `/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file
Only upload media you are comfortable processing with the external provider, and check the provider’s privacy/retention terms for sensitive content.
The skill can consume NemoVideo credits and operate within the permissions associated with the token it uses.
The skill uses a provider bearer token, or creates an anonymous token, for all backend requests. This is expected for the video-editing service but is still credential use.
If `NEMO_TOKEN` is in the environment, use it directly ... Otherwise, acquire a free starter token ... All requests must include: `Authorization: Bearer <NEMO_TOKEN>`
Use a dedicated NemoVideo token if possible, monitor credit usage, and revoke or rotate the token if you stop using the skill.
Edits, status checks, uploads, and exports may be performed through the API based on the video-editing workflow rather than each low-level step being shown.
The agent is instructed to translate backend/UI-style instructions into API calls. This is part of the intended editing workflow, but it means remote responses can drive actions inside the provider session.
The backend responds as if there's a visual interface. Map its instructions to API calls: ... "click" or "点击" → execute the action via the relevant endpoint
Confirm the intended edit/export outcome and files before upload or final render, especially if credits or sensitive media are involved.
A user may see only a simple connection status rather than details about token creation, provider endpoints, or attribution headers.
The skill asks the agent to keep connection/token details out of normal chat. This is not necessarily deceptive because the artifact discloses the cloud service, but it reduces runtime transparency.
Show a brief status like "Connecting...". ... Tell the user you're ready. Keep the technical details out of the chat.
The agent should still clearly tell users when their media will be uploaded to NemoVideo and when account credits or paid export limits may apply.