Clipping Video
PassAudited by ClawScan on May 3, 2026.
Overview
This skill appears to do what it says—cloud video trimming—but it sends uploaded videos to a NemoVideo backend and uses a service token.
Install or use this skill only if you are comfortable uploading your footage to https://mega-api-prod.nemovideo.ai. Keep NEMO_TOKEN private, monitor credits and render status, and avoid uploading sensitive videos unless you trust the provider's privacy and retention practices.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have limited information in the registry for independently verifying who operates the cloud service or its policies.
The registry entry does not provide an external source or homepage to independently verify the provider or implementation provenance. There is no installable code in the artifact, so this is a transparency note rather than a concrete unsafe behavior.
Source: unknown; Homepage: none
Use only if you trust the NemoVideo endpoint, and look for official provider documentation or privacy terms before uploading sensitive footage.
The token can access the skill's service session and consume available credits.
The skill uses or generates a service-specific token for all backend calls. This is expected for a cloud video service, and the artifact explicitly says not to expose tokens.
Look for `NEMO_TOKEN` in the environment... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... **All requests** must include: `Authorization: Bearer <NEMO_TOKEN>`
Keep NEMO_TOKEN private, avoid sharing logs that may contain it, and rotate or replace it if exposed.
Your uploaded footage and editing instructions may be processed by the remote NemoVideo backend.
Uploaded media, prompts, and session data are sent to a remote provider for processing. This is central to the advertised cloud rendering workflow and is disclosed.
All calls go to `https://mega-api-prod.nemovideo.ai`... **Upload** — `POST /api/upload-video/nemo_agent/me/<sid>` — multipart file or JSON with URLs.
Only upload footage you are comfortable sending to that cloud service, especially if it contains private, confidential, or regulated content.
A render job may keep running or consume credits even if the local tab closes before completion.
Render jobs can continue server-side after the local session is interrupted. This is expected for cloud rendering but is a persistence/lifecycle detail users should notice.
Each export job queues on a cloud GPU node... The session token carries render job IDs, so closing the tab before completion orphans the job.
Check job status and credit balance after starting exports, and avoid launching exports unless you intend to complete them.