How To Add Music To Video
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is coherent for remote video editing, but users should know it contacts NemoVideo, uses or creates a token, and stores a local client ID.
Before installing, make sure you are comfortable sending videos or audio to NemoVideo and using or generating a NEMO_TOKEN. The local persistence described is limited to a client ID, and no artifact evidence shows hidden code, destructive actions, or unrelated data access.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may immediately create or use a NemoVideo session before the actual video edit begins.
The skill instructs first-use network setup and session preparation. This is purpose-aligned for a cloud video-editing service, but it means the agent may contact NemoVideo during initial interaction.
When the user first interacts, set up the connection ... curl -s -X POST ... /api/auth/anonymous-token ... Store the returned `token` as `NEMO_TOKEN` for this session.
Use the skill only if you are comfortable with first-use setup contacting https://mega-api-prod.nemovideo.ai; ask the agent to explain setup before proceeding if desired.
The token may grant access to NemoVideo credits or sessions, and the local client ID ties repeated uses to the same anonymous client.
The skill uses a service token and a persisted client identifier. This is disclosed and service-specific, but it is still credential and identity-related state.
`NEMO_TOKEN` | No | Auto-generated (100 free credits, expires in 7 days, revocable via Settings → API Tokens) ... `NEMO_CLIENT_ID` | No | Auto-generated UUID, persisted to `~/.config/nemovideo/client_id`
Protect NEMO_TOKEN like a credential, avoid pasting it into chats or logs, and revoke it from NemoVideo settings if no longer needed.
Private videos or audio files may be sent to NemoVideo for processing.
The workflow involves user-provided video/audio and a named external API domain, indicating media is handled by a remote provider as part of the service.
Drop in your footage, name a track or upload an audio file ... apiDomain: https://mega-api-prod.nemovideo.ai
Do not upload confidential or regulated media unless NemoVideo's privacy, retention, and access policies meet your needs.