Free Video Trimmer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears purpose-aligned for online video trimming, but it uses Nemo's cloud API, creates or uses a Nemo token, uploads media for processing, and stores a local client UUID.
Before installing, be comfortable with Nemo processing your uploaded videos in the cloud, using or creating a revocable Nemo token, consuming service credits, and storing a non-secret client UUID under ~/.config/nemovideo/.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Non-trim requests could trigger broader Nemo video-editing or generation workflows and may consume service credits.
The skill routes a broad set of non-status/upload/export requests to a streaming API workflow, including operations beyond simple trimming. This is disclosed and user-directed, but wider than the skill name suggests.
"Everything else (generate, edit, add BGM…) | → §3.1 SSE"
Use this skill for trimming unless you intentionally want broader editing actions, and confirm credit-consuming or non-trim operations before proceeding.
The agent can use the Nemo token to create sessions and process videos through the Nemo service.
The skill uses or generates a Nemo API token for service access. This is expected for cloud video processing, but it gives the agent access to the user's Nemo processing session and credits.
| `NEMO_TOKEN` | No | Auto-generated (100 free credits, expires in 7 days, revocable via Settings → API Tokens) |
Use a dedicated, revocable Nemo token and revoke it when no longer needed; do not reuse unrelated credentials.
Private or sensitive video content may be processed by Nemo's cloud service.
The skill's core workflow sends user videos and edit instructions to an external Nemo processing pipeline. This is central to the stated purpose, but uploaded videos can contain sensitive content.
the OpenClaw agent receives your uploaded video and natural language instruction, then coordinates the processing pipeline
Only upload videos you are comfortable sending to the Nemo service, and review the provider's privacy and retention terms if the media is sensitive.
A local UUID file remains on the machine and can link future Nemo skill sessions from that client.
The skill creates persistent local state to identify the client across sessions. The artifact clearly discloses the location and states it is not a secret.
This skill writes `~/.config/nemovideo/client_id` to persist the Client-Id across sessions... The file contains only a UUID — no credentials are stored locally.
Delete ~/.config/nemovideo/client_id if you want to reset the local client identifier.