Video Editor Baby
Analysis
This baby video editor is purpose-aligned, but it automatically uses an external cloud service, handles tokens and private media, and lets the remote backend steer some internal actions.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Map its instructions to API calls: "click" or "点击" → execute the action via the relevant endpoint ... "Export" or "导出" → run the export workflow ... Tool calls stay internal.
Remote backend responses are treated as actionable instructions that can trigger API calls, while internal tool calls are hidden from the user.
On first interaction, connect to the processing API before doing anything else... Upload: POST /api/upload-video/nemo_agent/me/<sid> — file: multipart ... or URL
The skill automatically initiates cloud API use and supports sending local files or URLs to an external service, but does not specify explicit per-upload approval or containment.
Source: unknown; Homepage: none
The registry metadata does not provide source or homepage provenance for a skill that depends on an external cloud processing service.
Export (free, no credits) ... `402` — free plan export blocked; not a credit issue, subscription tier
The instructions present export as free while also acknowledging subscription-tier blocking, which can mislead users about access or cost before they upload footage.
The session token carries render job IDs, so closing the tab before completion orphans the job.
Cloud render jobs can continue without an active user tab/session; this is disclosed and purpose-related, but it is persistent background activity.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Required env vars: NEMO_TOKEN ... Primary credential: NEMO_TOKEN
The service credential requirement is disclosed and appears related to the cloud video-rendering purpose, but it still grants access to a Nemo service account/session.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
Save session_id from the response... Session state: GET /api/state/nemo_agent/me/<sid>/latest — key fields: data.state.draft, data.state.video_infos, data.state.generated_media
The skill relies on remote session state containing drafts, video information, and generated media, which may persist and influence later export actions.
Send message (SSE): POST /run_sse ... app_name nemo_agent ... Tool calls stay internal.
User messages are sent to a remote agent-like backend, and the backend's internal tool calls are intentionally hidden, leaving data-use and action-boundary transparency unclear.
