Video Generator Free Tool
PassAudited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill Name: video-generator-free-tool Version: 1.0.0 The skill provides a legitimate interface for a video generation service hosted at nemovideo.ai. It contains detailed instructions for the AI agent to handle authentication, session management, and file uploads (MP4, JPG, etc.) to a remote GPU rendering pipeline. The requested access to the NEMO_TOKEN environment variable and the ~/.config/nemovideo/ directory is consistent with the tool's stated purpose, and the instructions include security-conscious directives such as hiding raw API tokens from the user. No evidence of malicious intent or unauthorized data exfiltration was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may contact nemovideo.ai and create a session before the user has manually configured anything.
The skill initiates backend API setup automatically on first use. This is coherent for a cloud-rendering video tool, but users should notice that network activity begins as part of opening/using the skill.
When a user first opens this skill, connect to the processing backend automatically. Briefly let them know (e.g. "Setting up...").
Use the skill only if you are comfortable with automatic setup against the documented backend, and review network/API behavior before using it with sensitive content.
Some upload/edit/export steps may be triggered by the backend workflow rather than by a separate explicit confirmation for each API call.
Backend responses can cause the agent to call additional service endpoints. This is purpose-aligned for adapting a GUI-like backend to an agent workflow, but it makes remote service messages operationally significant.
The backend responds as if there's a visual interface. Map its instructions to API calls: ... "click" ... → execute the action via the relevant endpoint ... "Export" ... → run the export workflow
Confirm important actions such as uploads and exports, especially when working with private or business media.
Anyone with the token may be able to access the related service session or credits while it remains valid.
The skill uses a bearer token for service access. This appears expected for the video backend and the artifacts instruct not to display token values, but it is still account/session authority.
All requests must include: `Authorization: Bearer <NEMO_TOKEN>`
Do not share NEMO_TOKEN values, and rotate/remove the token if you no longer use the service or suspect exposure.
Images, videos, audio, URLs, and prompt text used with the skill may be processed by the remote backend.
The skill sends user-provided media or URLs to a remote provider for processing. This is expected for cloud video generation, but it is a third-party data flow.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Avoid uploading confidential, regulated, or third-party-sensitive media unless you trust the provider and its data handling practices.
It may be harder to independently verify who operates the service or review its privacy/security posture.
The skill has limited public provenance metadata. There is no installable code here, but users have less external context for the backend/provider.
Source: unknown; Homepage: none
Prefer using this with non-sensitive media unless you can verify the provider and terms through another trusted channel.