ClawHub

Diy Video Editor

v1.0.0

DIY Video Editor — Edit Home Improvement and Renovation Project Videos with AI. The bathroom renovation took three weekends and you filmed every demolition s...

0· 86·0 current·0 all-time
by@nemovideonemo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description describe an AI-driven video editing service. The skill's instructions only talk to a Nemo API, upload media, run SSE edit commands, and persist a client_id under ~/.config/nemovideo — all of which align with editing/uploading video functionality.
Instruction Scope
Instructions direct network calls to the declared Nemo API, upload user video files, create/persist a client_id in ~/.config/nemovideo/, and obtain an access token via an anonymous-token endpoint. They do not request unrelated system files or other credentials. Minor issues: a token-generation snippet references $API inconsistently (may be a documentation bug) and the SKILL.md references several optional env vars that are not declared as required in registry metadata.
Install Mechanism
No install spec or code is included (instruction-only). Nothing is downloaded or written by an installer beyond what the instructions tell the agent to do at runtime (creating ~/.config/nemovideo/ and writing a client_id).
Credentials
Primary credential is NEMO_TOKEN, which is appropriate for a hosted editing backend. The skill lists other optional env vars (NEMO_API_URL, NEMO_WEB_URL, NEMO_CLIENT_ID) that are reasonable. Minor mismatch: registry metadata lists no required env vars while a primaryEnv (NEMO_TOKEN) is declared and SKILL.md documents token usage/auto-generation.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It will persist a client_id and expect the agent to manage/refresh a short-lived token (expires in 7 days) in the user's config directory — reasonable for this use case. Autonomous invocation is allowed by default (normal); nothing in the skill forces permanent elevated presence.
Assessment
This skill appears to do what it says: it uploads media and calls a Nemo editing API and will create ~/.config/nemovideo/client_id and obtain a short-lived NEMO_TOKEN. Before installing, consider: 1) the source is unknown and there is no homepage — verify the service and privacy policy if you plan to upload private footage; 2) the skill may auto-generate an anonymous token that grants the backend access to your uploads — if you prefer control, set NEMO_TOKEN yourself rather than relying on anonymous issuance; 3) check the local file ~/.config/nemovideo/ for any persisted identifiers and remove them if you uninstall; 4) avoid uploading sensitive personal content to any third-party editing service. The inconsistencies (minor env/variable documentation bugs) look like sloppy docs rather than malicious behavior, but exercise caution given the unknown origin.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fdzbsmv28gk6pb49v9v0yp583nkad

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔨 Clawdis
Primary envNEMO_TOKEN

Comments