Trimmer Online
Analysis
This skill is a remote video-trimming integration that sends user-provided media and editing instructions to a disclosed NemoVideo backend; the main risks are normal cloud-processing, credential, and session-state considerations.
Findings (9)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
The skill explicitly tells the agent to translate backend messages into API actions. This is aligned with a hosted editing workflow, but remote backend text can influence what the agent does next.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}` ... Export ... POST `/api/render/proxy/lambda`
The skill uses API operations to upload user media and start cloud render/export jobs. These operations are central to the stated video-trimming purpose, but they do transfer and process user content remotely.
Source: unknown; Homepage: none
The registry metadata does not provide a source repository or homepage. There is no local code or install package to audit, so this is a provenance notice rather than a concrete supply-chain concern.
Each export job queues on a cloud GPU node ... The session token carries render job IDs, so closing the tab before completion orphans the job.
A user-triggered export can continue as a remote render job even if the local session is closed. This is disclosed and expected for cloud rendering, but users should understand the job lifecycle.
Tell the user you're ready. Keep the technical details out of the chat.
The skill favors a simplified user experience and tells the agent not to show technical connection details. The same file does disclose remote GPU/API processing, so this is a transparency note rather than deception.
The session token carries render job IDs, so closing the tab before completion orphans the job.
The artifact discloses that a started render job can keep existing after the local tab closes. This is not self-propagation or hidden autonomous behavior, but it is a background remote job lifecycle users should notice.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
If `NEMO_TOKEN` is in the environment, use it directly and create a session. Otherwise, acquire a free starter token ... The response includes a `token` with 100 free credits valid for 7 days — use it as NEMO_TOKEN
The skill uses a service token for authentication and can obtain an anonymous starter token if none is present. This is expected for the integrated backend, but it is still account/session authority.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
Session state: GET `/api/state/nemo_agent/me/<sid>/latest` — key fields: `data.state.draft`, `data.state.video_infos`, `data.state.generated_media`
The backend maintains session state containing drafts, video information, and generated media references. This is normal for cloud editing, but it is persistent task context that may contain sensitive project details.
Send message (SSE): POST `/run_sse` — body `{"app_name":"nemo_agent","user_id":"me","session_id":"<sid>","new_message":{"parts":[{"text":"<msg>"}]}}` with `Accept: text/event-stream`
The skill communicates with a remote agent-like backend over SSE using a session ID and Bearer token. The destination API is disclosed and purpose-aligned, but user prompts and session context are sent to that backend.
