Image To Video Creator
v1.0.0convert images into animated video clips with this skill. Works with JPG, PNG, WEBP, HEIC files up to 200MB. social media creators use it for turning still p...
⭐ 0· 46·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill claims to render images on remote GPU nodes and requires an API token for a backend (NEMO_TOKEN) — that aligns with its stated purpose. The SKILL.md references a nemo backend (mega-api-prod.nemovideo.ai) and upload/render endpoints that are consistent with video rendering. One minor inconsistency: the registry metadata listed no required config paths, whereas the SKILL.md frontmatter names ~/.config/nemovideo/ as a config path.
Instruction Scope
Instructions stay within the expected scope (create anonymous token if none, create session, upload images, submit render jobs, poll for results). They explicitly instruct uploading user-provided images to the remote service and storing a session_id for subsequent requests. The skill also asks agents to auto-connect on first use and to suppress raw token/API responses. This behavior is coherent for a cloud-rendering skill but implies user images and session tokens are transmitted to/held by the external service.
Install Mechanism
Instruction-only skill with no install spec or bundled code — lowest install risk. No binaries or packages are downloaded or written by the skill itself.
Credentials
Only NEMO_TOKEN is declared as required (primary credential), which is appropriate for a third‑party API. The skill additionally describes creating an anonymous token if none is set — reasonable but means the skill will obtain and use credentials on behalf of the user and may store session state. The SKILL.md also references a config path (~/.config/nemovideo/), which was not listed in the registry metadata; this mismatch should be clarified.
Persistence & Privilege
The skill does not request always:true and does not require elevated privileges. It will operate normally as an on-demand, user-invoked skill. It does describe storing session_id and (implicitly) session tokens for reuse; storing its own session state is expected for this use-case but you may want to know where/how that data is saved.
Assessment
This skill appears to be what it says: a cloud-based image→video renderer that uploads your images to a third‑party backend and uses an API token (NEMO_TOKEN). Before installing or using it: 1) Confirm you trust the backend domain (mega-api-prod.nemovideo.ai) and review its privacy/data-retention policy — your images and derived videos will be uploaded. 2) Decide whether to provide your own NEMO_TOKEN (if you have an account) rather than allowing the skill to request an anonymous token for you. 3) Ask where session_id and tokens are stored (the SKILL.md hints at ~/.config/nemovideo/) and whether they persist beyond 7 days. 4) Avoid submitting sensitive images unless you have verified the service and its terms. The skill has no install scripts, but because it's instruction-only we could not statically analyze any runtime code beyond the documented API calls — if you need higher assurance, request a published homepage, a source repository, or vendor documentation.Like a lobster shell, security has layers — review code before you run it.
latestvk971tz6rqdj83mewn950v311hx84rzr3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎬 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN