ClawHub

How To Add Music To Video In Iphone

v1.0.0

Tell me what you need and I'll help you add the perfect music to your iPhone videos — whether it's a trending track, a personal recording, or a royalty-free...

0· 44·0 current·0 all-time
by@siddylcon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to help add music to iPhone videos and its runtime instructions call NemoVideo APIs to upload and merge audio/video, obtain a token, and create a session — these are consistent with the described purpose. The homepage and repository URLs align with the API host used in the instructions. One small inconsistency: the metadata's requires.env list is empty while a primaryEnv (NEMO_TOKEN) is declared; functionally the skill does expect that token.
Instruction Scope
The SKILL.md instructs the agent to read/write ~/.config/nemovideo/client_id, read the skill's YAML frontmatter at runtime for attribution, obtain/save session_id, and upload user video files or URLs to the NemoVideo API. Those actions are within scope for a cloud-assisted video-editing helper, but the instructions are vague about where session_id (and any retrieved tokens) should be stored and for how long. Also: uploading user videos to an external service is privacy-sensitive and is central to the skill's operation (expected but important to highlight).
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest-risk install posture. No downloads or archive extraction are requested.
Credentials
The only credential referenced is NEMO_TOKEN (primaryEnv), which is proportionate for an API-backed service. The skill also wants to read/write ~/.config/nemovideo/client_id to create an anonymous token flow. There are no unrelated credentials requested. Minor metadata inconsistency: requires.env is empty even though a primaryEnv is specified.
Persistence & Privilege
The skill does not request always:true or elevated privileges. It does instruct writing a client_id file under ~/.config/nemovideo/ and to 'save session_id' (location unspecified). Persisting tokens/session identifiers in user config is reasonable for convenience but the SKILL.md should specify storage location and security measures; lack of detail is a clarity/privacy concern rather than an explicit privilege escalation.
Assessment
This skill appears to do what it says: it uses NemoVideo's API to merge audio into videos. Before installing/use, consider the following: (1) uploading a video sends that content to an external service (https://mega-api-prod.nemovideo.ai / nemovideo.com); avoid uploading sensitive footage unless you trust their privacy/retention policy; (2) the skill expects an API token (NEMO_TOKEN) or will create an anonymous token by writing ~/.config/nemovideo/client_id — confirm where session_id and tokens are stored and how long they persist; (3) verify the NemoVideo endpoints and the GitHub repository yourself (the SKILL.md points to github.com/nemovideo) if you need stronger assurance; (4) the SKILL.md advises not to print tokens — follow that, and do not paste tokens into untrusted places; and (5) ask the author to clarify the storage location and lifecycle of session_id/token and how uploaded media are retained/deleted. These are privacy and clarity considerations, not indicators of incoherence or malice.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c7g55sdy7k4g06sddm8g24d83x8ds

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎵 Clawdis
Primary envNEMO_TOKEN

Comments