Free Youtube Video Editor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent cloud video-editing skill that discloses its Nemovideo API use, token setup, video upload workflow, and local client-ID persistence.
This appears safe to install if you are comfortable using Nemovideo as a cloud video-editing provider. Before using it, understand that it may create or use a NEMO_TOKEN, contact the Nemovideo API, upload your videos for processing, and store a local UUID under ~/.config/nemovideo/.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may contact Nemovideo and create a service session before any video edit is completed.
The skill instructs the agent to contact a remote API during initial setup. This is disclosed and central to the hosted editing workflow, but it is still an automatic service call.
When the user first interacts, set up the connection... curl -s -X POST "https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token" -H "X-Client-Id: $CLIENT_ID"
Install only if you are comfortable with first-contact setup against the Nemovideo API; consider providing your own NEMO_TOKEN if you do not want anonymous-token setup.
The token can identify your Nemovideo session and may control use of your free credits or service access.
The skill uses a Nemovideo token to authenticate API requests. This is expected for the service integration and no artifact shows token leakage or unrelated use.
`NEMO_TOKEN` | No | Auto-generated (100 free credits, expires in 7 days, revocable via Settings → API Tokens)
Treat NEMO_TOKEN like a service credential, do not share it, and revoke or rotate it from Nemovideo settings if needed.
Private videos and edit requests may be processed outside your local environment by Nemovideo.
The skill's core workflow sends user video files and editing instructions to an external hosted service. This is purpose-aligned, but raw footage can contain sensitive personal or business content.
Upload your raw footage in mp4, mov, avi, webm, or mkv format and describe your edits in plain language
Do not upload confidential, regulated, or highly private footage unless Nemovideo's data handling terms meet your needs.
A persistent Nemovideo client identifier remains on the device and can be reused across sessions.
The artifact discloses local persistence of a client identifier. It is bounded and not a background agent, but users should know the skill leaves local state.
This skill writes `~/.config/nemovideo/client_id` to persist the Client-Id across sessions... The file contains only a UUID — no credentials are stored locally.
If you want to reset the anonymous client identity, remove ~/.config/nemovideo/client_id and any related environment variables.