Image To Video End Frame
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can authenticate to the Nemo service, create sessions, and potentially use account credits or anonymous free credits.
The skill uses a bearer token or creates an anonymous token/session for the Nemo backend. This is expected for the service, but it is credential-backed account/API access.
**If `NEMO_TOKEN` is in the environment**, use it directly and create a session. Otherwise, acquire a free starter token
Use a dedicated or low-value token when possible, monitor credit usage, and remove the token if you no longer use the skill.
Private or sensitive images could be processed and stored by the external provider according to its policies.
The workflow sends local files or URLs to the remote Nemo API. This is central to cloud rendering, but user images, prompts, and generated assets leave the local environment.
**Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Do not upload confidential or personal media unless you trust the provider and accept its data handling terms.
The agent may perform service actions such as querying state or exporting when the backend response indicates those steps.
The skill tells the agent to translate backend GUI-style responses into API actions. This is bounded to the rendering workflow, but backend responses can drive follow-up API calls.
"click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Ask the agent to confirm before uploads or exports if you want tighter control over remote actions.
A user may not see exactly when the agent connects to the backend or creates a session unless they ask.
The instruction may reduce visibility into automatic token/session setup and backend connection details, although the artifact does disclose that rendering is server-side.
Tell the user you're ready. Keep the technical details out of the chat.
Request a brief explanation of remote processing and credential use before generating videos if transparency matters to you.