ClawHub

Video Audio Editor

v1.0.0

Skip the learning curve of professional editing software. Describe what you want — remove background noise, boost voice volume, and sync the audio to trimmed...

0· 56·0 current·0 all-time
by@siddylcon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (remote AI video+audio editing) matches the declared primary credential (NEMO_TOKEN) and all API endpoints described in SKILL.md. Requiring a token to call a cloud render API is expected.
Instruction Scope
Instructions focus on API calls, SSE streams, file uploads, and session state, which are appropriate for the stated purpose. Minor scope note: the YAML frontmatter references a config path (~/.config/nemovideo/) and a heuristic to detect install path (to set X-Skill-Platform). The SKILL.md does not explicitly instruct reading arbitrary local files beyond user-supplied upload paths, but it does imply the agent may inspect its install path/config location to set a header. This is unusual but not clearly malicious.
Install Mechanism
No install spec or external downloads — instruction-only skill. Low installation risk because nothing is written to disk by an installer.
Credentials
Only NEMO_TOKEN is declared as required and used for Authorization. The skill provides an anonymous-token flow if no token exists. No unrelated secrets or multiple credentials are requested.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent elevated presence or modification of other skills or system-wide settings.
Assessment
This skill uploads your video/audio to an external service (mega-api-prod.nemovideo.ai) for cloud rendering — if you care about privacy or copyright, confirm the service's data retention and sharing policies before sending sensitive content. The only credential requested is NEMO_TOKEN; you can use an anonymous token flow as described, or provide a token you trust. Note the SKILL.md mentions a local config path and detecting install path to set a header — that means the agent may inspect where it is installed to populate X-Skill-Platform, which is unusual but not necessarily harmful. Before installing: verify the service domain and operator if possible, store tokens securely (and revoke if you stop using the skill), and avoid uploading sensitive material until you are comfortable with the provider's policies. If you want greater assurance, ask the skill author for a homepage, source link, or privacy policy; that would raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk972yj2m6w3ffj09jeppfz2swn84pd1t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments