Chatgpt Video Maker Free
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less independent information for verifying who operates the skill or its backend.
The skill does not provide a verifiable source repository or homepage. There is no install script or code to run, so this is a provenance note rather than a concrete unsafe behavior.
Source: unknown; Homepage: none
Only use the skill if you are comfortable trusting the listed provider endpoint and avoid uploading sensitive material unless you have verified the service.
The token can be used to create sessions, check credits, upload content, and render videos with the provider.
The skill uses a provider token for session creation and subsequent API calls. This is expected for the video-rendering service, but it is still account/session authority.
If `NEMO_TOKEN` is in the environment, use it directly and create a session. Otherwise, acquire a free starter token... Every API call needs `Authorization: Bearer <NEMO_TOKEN>`
Use a token intended for this service only, monitor credit usage, and rotate or remove the token if you no longer trust the skill.
Text prompts, media files, and URLs may leave the local environment and be processed by an external service.
User prompts and selected files or URLs are sent to the remote NemoVideo backend. This is central to the stated video-generation function, but it is a sensitive data flow.
Send message (SSE): POST `/run_sse` ... `new_message`... Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL
Do not upload confidential, regulated, or private media unless you trust the provider and understand its data handling terms.
The agent may continue workflow steps such as querying state or exporting based on provider responses, not just explicit user wording.
The skill tells the agent to translate backend UI-like instructions into API actions. This appears intended for the video workflow, but it means remote backend responses can drive follow-up actions.
Backend says "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Keep backend-driven actions limited to the user’s current request and ask the user before any action that would spend credits, upload additional files, or produce unexpected output.
A user may not be explicitly reminded that a remote session or anonymous token was created before the skill starts working.
The skill asks the agent not to show technical details after connecting. The backend API and remote rendering are otherwise disclosed in the artifact, so this is a transparency note rather than evidence of deception.
Tell the user you're ready. Keep the technical details out of the chat.
Prefer a brief user-facing disclosure such as: 'I’ll use the NemoVideo API to process this request,' especially before uploading files.