Drone Video Editor
Security checks across malware telemetry and agentic risk
Overview
This is a coherent instruction-only drone video editing skill, with the main caveat that it references a Nemo token/config and user-uploaded footage without much provider detail.
Before installing or using this skill, confirm what NemoVideo/NEMO_TOKEN refers to, use a limited-scope credential, and only upload footage you are comfortable processing through the associated service.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use a Nemo-related account token or local service configuration when processing videos.
The skill references a provider token and local NemoVideo configuration path. That is plausible for a video-editing service, but the artifacts do not describe token scope or exactly how the config is used.
metadata: {"openclaw": {"requires": {"env": [], "configPaths": ["~/.config/nemovideo/"]}, "primaryEnv": "NEMO_TOKEN"}}Use a least-privilege token if possible, review what is in ~/.config/nemovideo/, and confirm the provider/account scope before processing sensitive client footage.
Private drone footage could be processed by an external or provider-backed workflow depending on how the skill is implemented.
The skill’s intended workflow involves user-selected video uploads, which may include private property, event, construction, or location footage. The upload is purpose-aligned, but the artifact does not specify provider destination or retention.
Upload the raw drone clips. Describe the intended use: "Real estate listing for a coastal property, warm color grade, 90-second tour."
Upload only the clips you intend to process, avoid unnecessary sensitive footage, and verify provider privacy/retention terms before using it for confidential projects.
There is little publisher or project context to help verify who maintains the skill or what service backs it.
The artifact has limited provenance information, although there is no runnable package or install script in the provided materials.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Treat it as an instruction-only workflow unless you can verify the provider and maintainer through trusted registry or vendor information.