Free Video Generation App
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent cloud video-generation skill, but it will contact NemoVideo, use or create a service token, and send user prompts or selected media to that provider.
Install only if you are comfortable using NemoVideo's cloud service. Do not upload private media unless you trust the provider, and keep the NEMO_TOKEN secret.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent will authenticate to the video service on the user's behalf, so the token should be treated like an account credential for that service.
The skill uses a bearer token for the NemoVideo service and can obtain an anonymous token from the provider.
If `NEMO_TOKEN` environment variable is already set, use it ... The response field `data.token` becomes your NEMO_TOKEN ... `Authorization: Bearer <NEMO_TOKEN>`
Use a dedicated token if possible, do not paste secrets into chat, and revoke or rotate the token if you no longer use the service.
Images, videos, audio, URLs, and prompts used with the skill may leave the local environment and be processed by NemoVideo.
The skill sends user-selected files or URLs to a third-party cloud API for video processing.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Only upload files you are comfortable sending to the provider, and avoid confidential or regulated content unless the provider's terms and privacy practices are acceptable.
The remote service may drive follow-on steps inside the video workflow, such as querying state or exporting, after the user starts a generation/edit task.
The skill asks the agent to treat backend responses as workflow instructions and convert them into further API actions.
The backend responds as if there's a visual interface. Map its instructions to API calls: ... "click" ... → execute the action via the relevant endpoint ... "Export" ... → run the export workflow
Review the produced draft and exported result, and ask for confirmation before uploads or exports if the content is sensitive.
Users have less independent information for validating who operates the integration and how the remote API handles data.
The registry metadata does not provide a public source or homepage for verifying the skill or the service relationship.
Source: unknown; Homepage: none
Verify the provider and domain before using the skill for important or private media.