Video Maker Free
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward NemoVideo API skill, but it uses a Nemo token and sends your prompts and media to NemoVideo’s service.
This skill looks coherent for cloud-based AI video creation. Install it only if you are comfortable giving it a NemoVideo token and sending your selected photos, clips, scripts, or documents to NemoVideo’s API. Verify the NemoVideo homepage or repository because the registry source is unknown and the displayed versions differ.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent using this skill with your token can submit generation requests as your NemoVideo account.
The skill expects a Nemo bearer token to authenticate requests to the NemoVideo API. This is purpose-aligned for a cloud video service, but it is still account-level authority the user should protect.
"primaryEnv": "NEMO_TOKEN" ... -H "Authorization: Bearer $NEMO_TOKEN"
Use a dedicated or least-privileged Nemo token if available, keep it out of prompts and shared logs, and revoke it if you stop using the skill.
Your photos, videos, scripts, and prompts may be processed by NemoVideo rather than staying local.
The workflow sends user-provided media and prompts to an external NemoVideo API. That is expected for the advertised service, but the content may include personal photos, business material, or private documents.
Upload photos, video clips, text, or any combination ... curl -X POST https://mega-api-prod.nemovideo.ai/api/v1/generate
Review NemoVideo’s privacy and retention terms before uploading sensitive media, private family videos, internal business material, or regulated data.
It may be harder to verify that the registry listing exactly matches the publisher’s intended release.
The registry metadata lists the source as unknown and version 1.0.1, while the SKILL.md frontmatter lists version 1.2.1. There is no runnable code or install script, so this is a provenance note rather than a concrete execution concern.
Source: unknown ... Version: 1.0.1
Before relying on the skill, verify the listed homepage or repository and make sure the token is obtained from the legitimate NemoVideo service.