Subtitle Generator Ai Free
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Videos, audio, or images provided to the skill may be uploaded to NemoVideo's cloud backend for processing.
The skill explicitly sends user-selected video/media files to an external cloud API for processing, which is expected for this subtitle-generation service but can involve private media leaving the user's environment.
This skill connects to a cloud processing backend... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`
Use this only with files you are comfortable sending to the provider, and check the provider's privacy/retention terms before uploading sensitive footage.
Anyone with the token may be able to use the associated NemoVideo session or free credits.
The skill uses a bearer token for the NemoVideo API and can create an anonymous token if one is not present. This is aligned with the service integration, but the token grants access to backend sessions/credits.
Look for `NEMO_TOKEN` in the environment... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... All requests must include: `Authorization: Bearer <NEMO_TOKEN>`
Keep NEMO_TOKEN private, avoid pasting it into chat, and rotate or remove it if you suspect it was exposed.
The agent may perform follow-up video-session actions, such as export, based on backend responses rather than only direct step-by-step user commands.
The instructions let backend responses trigger additional API actions inside the video-editing workflow. This is coherent with automating a GUI-backed cloud editor, but it means the provider response is treated as operational guidance.
Backend says | You do: "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Give clear instructions and review upload/export results; require confirmation for any action that would publish, share, or overwrite files outside the documented workflow.
It may be harder to verify who maintains the skill or review provider documentation before sending media to the cloud API.
The supplied registry metadata does not identify a source repository or homepage for the skill/provider. There is no local code to install, but users still need to trust the remote API service.
Source: unknown; Homepage: none
Verify the provider and domain independently before using the skill with valuable or private content.