Nonprofit Video Maker

Pass

Audited by ClawScan on May 2, 2026.

Overview

This is a coherent cloud video-rendering skill, but it sends uploaded media to NemoVideo and uses a bearer token/session to do the work.

Before installing, make sure your organization is comfortable sending donor videos, images, logos, and audio to `mega-api-prod.nemovideo.ai`. Protect NEMO_TOKEN, avoid uploading highly sensitive donor material without provider review, and monitor export jobs/credits. The provided SKILL.md content was marked truncated, so review the full skill text if available.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can create a remote NemoVideo session before any media is rendered.

Why it was flagged

The skill tells the agent to initiate remote API setup automatically when first used. This is central to cloud rendering, but users should know that first use contacts the provider.

Skill content

"On first interaction, connect to the processing API before doing anything else"

Recommendation

Use it only if you are comfortable with the NemoVideo API being contacted, and give explicit instructions before uploads or exports if you want tighter control.

What this means

Anyone with the token could potentially access the associated NemoVideo session or credits.

Why it was flagged

The skill relies on a bearer token for service access and credits. That credential use is disclosed and purpose-aligned, but the token should be protected.

Skill content

"Every API call needs `Authorization: Bearer <NEMO_TOKEN>`"

Recommendation

Store NEMO_TOKEN securely, do not paste it into chat, and rotate/revoke it if exposed.

What this means

Uploaded donor stories, images, logos, audio, or URLs may leave your environment and be processed by NemoVideo servers.

Why it was flagged

The skill sends user-provided videos, images, or media URLs to an external provider for processing. This is expected for the service, but retention/privacy details are not shown in the visible artifact.

Skill content

"Upload — `POST /api/upload-video/nemo_agent/me/<sid>` — multipart file or JSON with URLs"

Recommendation

Do not upload confidential donor material unless the provider’s terms and privacy practices are acceptable for your organization.

What this means

A render job may continue consuming time or credits even if the local session is closed before completion.

Why it was flagged

The cloud render pipeline can continue or leave a job orphaned after the user stops monitoring it. This is disclosed and expected for remote rendering, but it is persistent remote activity.

Skill content

"closing the tab before completion orphans the job"

Recommendation

Monitor exports until completion and check credit usage if a session is interrupted.