Hotel Video Maker
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent instruction-only video-making integration that discloses its NemoVideo API token requirement, with no artifact-backed evidence of hidden or unsafe behavior.
This skill appears safe to review as an instruction-only NemoVideo integration. Before installing, make sure you trust NemoVideo with the property media and listing details you provide, and use a narrowly scoped NEMO_TOKEN where possible.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing the skill should treat the NemoVideo token like an account credential and avoid sharing a token with broader permissions than needed.
The skill explicitly requires a NemoVideo token and provider-specific config path. This is expected for an external video-generation service, but it is still account/API authority the user should recognize.
"requires": {"env": ["NEMO_TOKEN"], "configPaths": ["~/.config/nemovideo/"]}, "primaryEnv": "NEMO_TOKEN"Use a dedicated NemoVideo token if available, keep it out of prompts and shared logs, and revoke or rotate it if you stop using the skill.
Hotel or property media used with this skill may be sent to the NemoVideo service for processing.
The skill discloses an external NemoVideo API endpoint, which is purpose-aligned for generating videos but means user-provided media or project details may be processed by that provider.
apiDomain: https://mega-api-prod.nemovideo.ai
Only provide media and listing details you are comfortable sending to NemoVideo, and review the provider’s privacy and retention terms if the content is sensitive.