Video Editor Android
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: video-editor-android Version: 1.0.0 The video-editor-android skill is a functional integration for a cloud-based video editing service (nemovideo.ai). It provides clear instructions for the AI agent to handle authentication via anonymous tokens, manage sessions, upload media, and poll for render status. The skill uses standard API patterns and requires specific attribution headers (X-Skill-Source, X-Skill-Platform) for its backend. There are no indicators of data exfiltration, unauthorized file access, or malicious code execution; the behavior is entirely consistent with the stated purpose of mobile video editing.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act within the Nemo backend session tied to the token, such as creating sessions, uploading media, checking credits, and rendering videos.
The skill uses a bearer token or obtains an anonymous token to access the Nemo video backend. This is expected for the service integration, and the artifact does not show token logging or unrelated credential use.
Check if `NEMO_TOKEN` is set in the environment... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... `Authorization: Bearer <token>`
Use a token intended for this service only, avoid sharing token values, and revoke or rotate it if you no longer use the skill.
Videos, URLs, edit prompts, and generated render outputs may be processed and stored by the external Nemo video service.
The skill sends uploaded video files or URLs to an external provider for cloud processing. This is central to the advertised cloud video-editing workflow, but it means private media leaves the local chat environment.
**Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Only upload videos you are comfortable sending to this provider, and review any available provider privacy or retention terms before using sensitive footage.
Users have less registry-level context for verifying who maintains the skill or how the external service handles uploaded content.
The registry entry does not provide source or homepage provenance, while the skill depends on a specific external video backend. This is not malicious by itself, but it limits independent verification.
Source: unknown; Homepage: none
If using sensitive or business footage, verify the Nemo provider and skill publisher through trusted channels before installing.