Editor Ai Offline

Warn. Audited by ClawScan on May 11, 2026.

Overview

The skill markets itself as offline/local video editing, but its instructions send video work to a cloud backend and create cloud sessions/tokens.

Install only if you are comfortable using a cloud video-editing service. Do not rely on the offline/no-internet wording, and avoid uploading confidential screen recordings unless you trust NemoVideo’s handling of your files and token.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may believe sensitive screen recordings stay on their device when they are actually sent to a cloud service.

Why it was flagged

The artifact repeatedly promises offline/local/no-internet editing while also stating that processing uses a remote cloud backend.

Skill content

displayName: "AI Video Editor Offline — Edit and Export Videos Offline" ... "editing videos locally without an internet connection" ... "This skill connects to a cloud processing backend" ... "cloud GPUs"

Recommendation

Treat this as a cloud video editor, not an offline one; the skill should be renamed and clearly disclose remote upload/rendering before use.

What this means

The agent could contact the provider and create a cloud session as soon as the skill is used, which may surprise users expecting offline behavior.

Why it was flagged

The skill instructs automatic external service setup, client identifier generation, token retrieval, and session creation rather than requiring an explicit opt-in step first.

Skill content

On first use, set up the connection automatically ... Generate a UUID ... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token` ... Session: POST `https://mega-api-prod.nemovideo.ai/api/tasks/me/with-session/nemo_agent`

Recommendation

Ask the user for explicit approval before any network call, token creation, upload, or export request.

What this means

Screen recordings, images, audio, or other media may contain private information and would leave the local device for cloud processing.

Why it was flagged

The artifact shows user media being uploaded to a provider API and processed remotely, but the visible instructions do not define privacy, retention, or data-boundary protections.

Skill content

`/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file (multipart) or URL ... Each export job queues on a cloud GPU node ... returns a download URL

Recommendation

Do not use confidential footage unless you trust the provider and understand its privacy, retention, and access controls.

What this means

Anyone using the skill should understand that it relies on a bearer token for the NemoVideo service and that requests are authorized with that token.

Why it was flagged

The skill uses a provider credential/session token for API access. This is expected for the cloud service, but it is sensitive account authority.

Skill content

Look for `NEMO_TOKEN` in the environment ... Extract `data.token` ... Include `Authorization: Bearer <NEMO_TOKEN>` ... on every request

Recommendation

Keep the token private, avoid sharing raw logs, and revoke or rotate it if it is exposed.

What this means

A render may keep running remotely or consume credits even if the user thinks they stopped interacting with the skill.

Why it was flagged

The remote render job may continue or become detached from the user interface after the user closes the tab.

Skill content

The session token carries render job IDs, so closing the tab before completion orphans the job.

Recommendation

Monitor exports until completion and provide a clear cancel/status workflow for remote jobs.