Sports Highlight Maker
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent cloud video-editing integration, but it will contact NemoVideo, create or use a token/client ID, and send uploaded footage to Nemo’s backend.
Before installing, make sure you are comfortable with a cloud service receiving the videos you upload, creating or using a NemoVideo token, and storing a local client ID under ~/.config/nemovideo.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening or first using the skill may create a NemoVideo session and contact Nemo’s API before any editing work begins.
The skill directs the agent to make external API calls automatically during first-contact setup. This is disclosed and aligned with the video-editing service, but users should know it happens.
When the user first interacts, set up the connection... Acquire anonymous token: curl -s -X POST "https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token" ... Create a session
Install only if you are comfortable with automatic service setup; review or set NEMO_TOKEN yourself if you want more control.
The skill can act against the NemoVideo service using your supplied or anonymous token and can reuse the same local client ID across sessions.
The skill uses a service token and a persistent client identifier to access NemoVideo. This is expected for the stated service integration and no token leakage or unrelated credential use is shown.
`NEMO_TOKEN` | No | Auto-generated on first use ... `NEMO_CLIENT_ID` | No | Auto-generated UUID, persisted to `~/.config/nemovideo/client_id`
Use a dedicated NemoVideo token if possible and remove ~/.config/nemovideo/client_id if you want to reset the anonymous identity.
Sports footage, including potentially personal or youth-team videos, may be processed by NemoVideo’s remote service.
The workflow sends uploaded footage and natural-language edit requests to NemoVideo’s backend. That is central to the skill’s function, but it means user media leaves the local environment.
Upload the full game recording ... User describes an edit â you send it to the backend â backend processes â you report results
Avoid uploading private or sensitive footage unless you trust NemoVideo’s handling of the media and have permission from the people recorded.