ClawHub

Hotel Promotional Video

v1.0.0

Your boutique hotel has a rooftop bar with a view that travel writers have photographed, a spa that books out three weeks in advance, and a restaurant with a...

0· 26·0 current·0 all-time
by@nemovideonemo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with the single declared secret (NEMO_TOKEN) and the SKILL.md calls an API at nemovideo.ai, which is coherent for a video-generation service. Minor inconsistency: the registry metadata at the top listed no required config paths, but the SKILL.md metadata includes a config path (~/.config/nemovideo/).
Instruction Scope
The SKILL.md shows a simple curl POST to https://mega-api-prod.nemovideo.ai/api/v1/generate with Authorization: Bearer $NEMO_TOKEN — this stays within the described purpose and only sends the provided JSON. However, the prose says 'Upload your property footage' but the example does not include file upload or explain how binaries are transmitted; the instructions are therefore incomplete/ambiguous rather than overbroad.
Install Mechanism
Instruction-only skill with no install spec or code files; lowest-risk delivery mechanism (nothing is written to disk by an installer).
Credentials
Only one credential (NEMO_TOKEN) is requested, which is appropriate for an API-backed video generation service. The SKILL.md metadata references a local config path (~/.config/nemovideo/) — if the skill actually reads that path it should be declared up front; the registry header contradicted that. Confirm whether the skill needs local config files and what they contain.
Persistence & Privilege
No elevated persistence requested (always:false), no install-time scripts, and no modifications to other skills or system configs are present in the instructions.
Assessment
This skill appears to do what it says: it calls a nemo video API using a single API token. Before installing, verify: (1) the provenance — who runs nemovideo.ai and whether you trust them (no homepage/source listed); (2) the exact token scope and whether the NEMO_TOKEN gives only video-generation access; (3) how footage is uploaded and whether uploads are encrypted and retained (the example omits file-upload details); (4) whether the skill will read ~/.config/nemovideo/ (the SKILL.md lists that path but the registry header did not); and (5) privacy/retention policies for any guest footage or personal data you send. If you can't confirm these, avoid providing your production credentials or sensitive media.

Like a lobster shell, security has layers — review code before you run it.

latestvk9746z15rfk4315fmvcakwa9q58495sv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏨 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments