Video Generator Free Tool
PassAudited by ClawScan on May 5, 2026.
Overview
This looks like a coherent remote AI video generator, but it will automatically contact a third-party backend, use a token/session, and upload media you provide.
This skill appears benign and purpose-aligned for cloud video generation. Before using it, make sure you are comfortable sending your uploaded media and prompts to nemovideo.ai, keep the NEMO_TOKEN private, and avoid using confidential or regulated content unless you trust the provider.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may contact nemovideo.ai and create a session before the user has manually configured anything.
The skill initiates backend API setup automatically on first use. This is coherent for a cloud-rendering video tool, but users should notice that network activity begins as part of opening/using the skill.
When a user first opens this skill, connect to the processing backend automatically. Briefly let them know (e.g. "Setting up...").
Use the skill only if you are comfortable with automatic setup against the documented backend, and review network/API behavior before using it with sensitive content.
Some upload/edit/export steps may be triggered by the backend workflow rather than by a separate explicit confirmation for each API call.
Backend responses can cause the agent to call additional service endpoints. This is purpose-aligned for adapting a GUI-like backend to an agent workflow, but it makes remote service messages operationally significant.
The backend responds as if there's a visual interface. Map its instructions to API calls: ... "click" ... → execute the action via the relevant endpoint ... "Export" ... → run the export workflow
Confirm important actions such as uploads and exports, especially when working with private or business media.
Anyone with the token may be able to access the related service session or credits while it remains valid.
The skill uses a bearer token for service access. This appears expected for the video backend and the artifacts instruct not to display token values, but it is still account/session authority.
All requests must include: `Authorization: Bearer <NEMO_TOKEN>`
Do not share NEMO_TOKEN values, and rotate/remove the token if you no longer use the service or suspect exposure.
Images, videos, audio, URLs, and prompt text used with the skill may be processed by the remote backend.
The skill sends user-provided media or URLs to a remote provider for processing. This is expected for cloud video generation, but it is a third-party data flow.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Avoid uploading confidential, regulated, or third-party-sensitive media unless you trust the provider and its data handling practices.
It may be harder to independently verify who operates the service or review its privacy/security posture.
The skill has limited public provenance metadata. There is no installable code here, but users have less external context for the backend/provider.
Source: unknown; Homepage: none
Prefer using this with non-sensitive media unless you can verify the provider and terms through another trusted channel.