Image Animation Generator
ReviewAudited by ClawScan on May 6, 2026.
Overview
This is a coherent cloud image-to-video skill, but it uses a NemoVideo token/session and uploads user media to an external service.
This skill appears safe to use for its stated cloud animation purpose if you trust NemoVideo. Before installing or using it, be comfortable sending your images/media to the external service, use an appropriate token, and ask for confirmation before exports or credit-consuming actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests may use the user's NemoVideo token or an anonymous token and can consume service credits for rendering/export.
The skill relies on a service token and remote session authorization. This is expected for the video service, but it gives the backend access to the user's NemoVideo account/session and credits.
If `NEMO_TOKEN` is in the environment, use it directly... Otherwise, acquire a free starter token... Include `Authorization: Bearer <NEMO_TOKEN>` ... on every request
Use a token intended for this service, monitor credit usage, and avoid sharing account tokens beyond what the skill needs.
Private photos, videos, audio, prompts, and generated outputs may be processed by the external NemoVideo service.
The workflow sends user media and prompts to an external cloud provider. This is purpose-aligned for cloud animation, but the visible artifact does not describe provider retention or privacy controls.
Base URL: `https://mega-api-prod.nemovideo.ai` ... `/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file (multipart) or URL.
Only upload media you are comfortable sending to that cloud service, and review the provider's privacy/retention terms if the content is sensitive.
The agent may perform editing or render-related API calls based on backend responses during a session.
The skill instructs the agent to translate backend SSE/GUI-style responses into API actions. This is within the editing workflow, but it means some backend-directed actions may happen without being shown in full detail to the user.
Text events go straight to the user... Tool calls stay internal... `click` or `点击` → execute the action
Ask the agent to confirm before exports or credit-consuming actions, especially for important media projects.
Users may not see clear in-chat reminders that a third-party backend session and token are being used.
The instruction reduces end-user visibility into token/session setup and backend connection details. The cloud backend is disclosed elsewhere, so this is a transparency note rather than a deception concern.
Tell the user you're ready. Keep the technical details out of the chat.
Before using sensitive images, ask the agent where files will be sent and whether the service will store them.