Clip Editor — AI Video Clip Editor for Trimming, Cutting and Merging Footage
v1.0.0AI video editor that works entirely through chat — type what you want changed and the AI handles the rest. Trim clips, merge footage, add background music, a...
⭐ 0· 93·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description (chat-first video editor) match the instructions: the SKILL.md details an HTTP-based backend API for sessions, SSE edits, uploads, rendering, and credits. The declared primary credential (NEMO_TOKEN) and the config path (~/.config/nemovideo/) align with a remote editing service.
Instruction Scope
Instructions direct the agent to (a) create/persist a client_id at ~/.config/nemovideo/client_id, (b) request an anonymous token from the backend if NEMO_TOKEN is not present, and (c) upload local files via curl (e.g. -F "files=@/path/to/file"). These actions are expected for a video upload/edit workflow, but they do give the agent the ability to read any local path you provide and transmit those files to the remote API.
Install Mechanism
No install spec or additional packages — instruction-only skill. This minimizes disk/execute risk because no third-party binaries are pulled by the skill itself.
Credentials
Primary credential NEMO_TOKEN is appropriate for a remote API. The SKILL.md also documents optional variables (NEMO_API_URL, NEMO_WEB_URL, NEMO_CLIENT_ID, SKILL_SOURCE) and a client_id persisted to ~/.config/nemovideo/. These are proportionate, but the skill will persist a client_id file and can obtain/store a short-lived anonymous token if you don't provide one — ensure you understand token lifecycle and storage. No unrelated credentials are requested.
Persistence & Privilege
always is false and the skill only writes to its own config path (~/.config/nemovideo/) per instructions. It does not request system-wide or other-skills configuration access. Autonomous invocation is allowed (default) but not an added privilege here.
Scan Findings in Context
[no_code_files] expected: The repository/skill contains only SKILL.md (instruction-only). The static scanner had no code to analyze. This is expected for an instruction-only skill, but it means runtime instructions are the primary security surface.
Assessment
This skill appears to be what it claims: a chat-driven front end for a remote video-editing API. Before installing or using it, consider the following: (1) Files you instruct the agent to upload will be sent to the remote service — do not upload sensitive material unless you trust the provider and understand their retention/privacy policy. (2) The skill will create ~/.config/nemovideo/client_id and can obtain and use an anonymous token (NEMO_TOKEN) that expires in 7 days; you can instead supply your own token if you have one. (3) The skill posts data to the configured NEMO_API_URL; verify the endpoint if you need to control where your media is sent. (4) Because this is instruction-only there is no bundled code to inspect; if provenance/trust matters, ask the publisher for a homepage, privacy policy, or source code before use. If you want stronger guarantees, only provide non-sensitive test footage and/or use an account/token you can revoke.Like a lobster shell, security has layers — review code before you run it.
latestvk97429t4f8gx4cmk9sxq1tbxvd83fhtc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎬 Clawdis
Primary envNEMO_TOKEN