Login Video
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: login-video Version: 1.0.0 The skill bundle is a legitimate integration for a video processing service (nemovideo.ai). It provides instructions for an AI agent to manage sessions, upload media, and trigger cloud-based video rendering. The code and instructions (SKILL.md) are focused entirely on the stated purpose of creating login walkthrough videos and do not exhibit signs of data exfiltration, malicious execution, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Uploaded recordings and prompts may be processed by the NemoVideo backend rather than staying on the user's device.
The skill sends user-supplied login-flow media to an external cloud provider for processing. This is expected for the stated purpose, but login recordings can contain usernames, passwords, MFA screens, or other sensitive details.
This tool takes your raw video footage and runs AI login video creation through a cloud rendering pipeline... `/api/upload-video/nemo_agent/me/<sid>`
Use sanitized or test-account footage, avoid showing real passwords or tokens, and review the provider's privacy and retention terms before uploading sensitive login flows.
Requests may consume NemoVideo credits or operate under the user's configured NemoVideo token.
The skill uses a service token to create sessions, upload media, check credits, and export videos. This is purpose-aligned, but it delegates actions and credit usage to the provider account or anonymous token.
If `NEMO_TOKEN` is in the environment, use it directly... Otherwise, acquire a free starter token... Include `Authorization: Bearer <NEMO_TOKEN>` ... on every request
Use a limited-purpose token where possible, monitor credit usage, and do not share the token outside the intended environment.
A mistaken or compromised backend response could trigger unintended NemoVideo workflow actions such as state changes or exports within the session.
Backend SSE responses can cause the agent to perform follow-up API calls internally. This appears intended for the editing workflow, but it means external backend instructions influence tool use without necessarily showing each step to the user.
Text events go straight to the user... Tool calls stay internal... The backend responds as if there's a visual interface. Map its instructions to API calls: "click" ... → execute the action via the relevant endpoint
Keep actions limited to the user's stated video task, and ask for user confirmation before exports, credit-spending operations, or unexpected uploads.