Video Maker Freelancer
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Client footage or project details may be processed by a third-party video service.
The skill clearly uses an external cloud API to process uploaded video/media files, so user footage and editing requests leave the local environment.
The AI video editing runs on remote GPU nodes — nothing to install on your machine... All rendering happens server-side. Base URL: `https://mega-api-prod.nemovideo.ai`
Use this only for media you are allowed to upload to NemoVideo, and review the provider's privacy, retention, and client-confidentiality terms before using sensitive footage.
A token can authorize use of the NemoVideo account or credits for uploads and rendering.
The skill uses a bearer token or auto-acquired anonymous token to create sessions, upload media, check credits, and export videos. This is expected for the service, but it is still credentialed access.
If `NEMO_TOKEN` is in the environment, use it directly... Otherwise, acquire a free starter token... Include `Authorization: Bearer <NEMO_TOKEN>` ... on every request
Use a dedicated token where possible, avoid exposing it in logs or chat, and revoke or rotate it if you suspect misuse.
It may be harder to verify who maintains the skill or what policies apply to uploaded media.
The registry metadata does not provide an external source or homepage for verifying the skill or the service operator.
Source: unknown; Homepage: none
Confirm the provider and service terms before using the skill for confidential or client-owned videos.
A user may not be reminded in-chat that a cloud session and token-backed API requests are being used.
The instruction appears to be for user-experience simplification, but it may reduce visibility into backend connection and token/session setup during normal interaction.
Tell the user you're ready. Keep the technical details out of the chat.
Ask the agent where files are sent and what account or token is being used if you need operational transparency.