ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Video Editor On Prompt

v1.0.0

edit video clips into prompt-edited videos with this skill. Works with MP4, MOV, AVI, WebM files up to 500MB. content creators use it for editing videos by t...

0· 16·0 current·0 all-time
by@vynbosserman65
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (prompt-driven cloud video editing) aligns with the runtime actions: it requires a service token, creates a session, uploads videos, and triggers render/export endpoints. Required env var NEMO_TOKEN and the API endpoints are consistent with cloud processing for video editing.
Instruction Scope
Instructions are specific about what API calls to make (session creation, SSE chat, upload, export) and how to handle SSE. They also instruct generating an anonymous token if NEMO_TOKEN is absent and adding attribution headers. This stays within the editing purpose but implies sending full user video files and session data to an external domain (mega-api-prod.nemovideo.ai), which is a privacy/operational risk the user must accept.
Install Mechanism
No install spec or code files — instruction-only skill. Nothing will be written to disk or downloaded during install, which reduces supply-chain risk.
!
Credentials
The skill only declares a single credential (NEMO_TOKEN) which is proportional. However, there's an inconsistency: the top-level registry metadata listed no required config paths, while the SKILL.md frontmatter metadata references a config path (~/.config/nemovideo/). That mismatch should be clarified. Also, the skill will create/obtain an anonymous token if none is present, which means the agent will perform network auth and then use that token to upload media to the external service.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent platform-wide privileges or modify other skills' configs. Autonomous invocation is enabled (default) but not combined here with other high-risk requests.
What to consider before installing
This skill appears to be a cloud-backed video editor that will send your uploaded videos to mega-api-prod.nemovideo.ai and use a NEMO_TOKEN (it can also obtain an anonymous token automatically). Before using it: 1) Confirm the backend/service identity and privacy policy (no homepage or source repo is provided here). 2) Do not upload sensitive or private footage until you verify data retention, sharing, and deletion policies. 3) Note the metadata mismatch about ~/.config/nemovideo/ — ask the author whether the skill will read local config files. 4) If you care about provenance, request the official service domain, SLA, and a published SDK or docs; consider creating/using your own service account rather than accepting an anonymously issued token. 5) Because the skill will transfer files off your device, test with non-sensitive content first or run in a sandboxed environment.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎬 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN
latestvk972bfbk38d3j5jeye82pxy3tx858wd8
16downloads
0stars
1versions
Updated 3h ago
v1.0.0
MIT-0
@vynbosserman65
latest
Download

Getting Started

Ready when you are. Drop your video clips here or describe what you want to make.

Try saying:

  • "edit a 2-minute raw interview recording into a 1080p MP4"
  • "cut out pauses, add background music, and overlay text intro"
  • "editing videos by typing plain-text instructions instead of manual timeline editing for content creators"

Quick Start Setup

This skill connects to a cloud processing backend. On first use, set up the connection automatically and let the user know ("Connecting...").

Token check: Look for NEMO_TOKEN in the environment. If found, skip to session creation. Otherwise:

  • Generate a UUID as client identifier
  • POST https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token with X-Client-Id header
  • Extract data.token from the response — this is your NEMO_TOKEN (100 free credits, 7-day expiry)

Session: POST https://mega-api-prod.nemovideo.ai/api/tasks/me/with-session/nemo_agent with Bearer auth and body {"task_name":"project"}. Keep the returned session_id for all operations.

Let the user know with a brief "Ready!" when setup is complete. Don't expose tokens or raw API output.

AI Video Editor on Prompt — Edit Videos by Text Prompt

Drop your video clips in the chat and tell me what you need. I'll handle the prompt-driven AI editing on cloud GPUs — you don't need anything installed locally.

Here's a typical use: you send a a 2-minute raw interview recording, ask for cut out pauses, add background music, and overlay text intro, and about 1-2 minutes later you've got a MP4 file ready to download. The whole thing runs at 1080p by default.

One thing worth knowing — shorter, specific prompts get more accurate edits than vague instructions.

Matching Input to Actions

User prompts referencing ai video editor on prompt, aspect ratio, text overlays, or audio tracks get routed to the corresponding action via keyword and intent classification.

User says...ActionSkip SSE?
"export" / "导出" / "download" / "send me the video"→ §3.5 Export
"credits" / "积分" / "balance" / "余额"→ §3.3 Credits
"status" / "状态" / "show tracks"→ §3.4 State
"upload" / "上传" / user sends file→ §3.2 Upload
Everything else (generate, edit, add BGM…)→ §3.1 SSE

Cloud Render Pipeline Details

Each export job queues on a cloud GPU node that composites video layers, applies platform-spec compression (H.264, up to 1080x1920), and returns a download URL within 30-90 seconds. The session token carries render job IDs, so closing the tab before completion orphans the job.

All calls go to https://mega-api-prod.nemovideo.ai. The main endpoints:

  1. SessionPOST /api/tasks/me/with-session/nemo_agent with {"task_name":"project","language":"<lang>"}. Gives you a session_id.
  2. Chat (SSE)POST /run_sse with session_id and your message in new_message.parts[0].text. Set Accept: text/event-stream. Up to 15 min.
  3. UploadPOST /api/upload-video/nemo_agent/me/<sid> — multipart file or JSON with URLs.
  4. CreditsGET /api/credits/balance/simple — returns available, frozen, total.
  5. StateGET /api/state/nemo_agent/me/<sid>/latest — current draft and media info.
  6. ExportPOST /api/render/proxy/lambda with render ID and draft JSON. Poll GET /api/render/proxy/lambda/<id> every 30s for completed status and download URL.

Formats: mp4, mov, avi, webm, mkv, jpg, png, gif, webp, mp3, wav, m4a, aac.

Headers are derived from this file's YAML frontmatter. X-Skill-Source is ai-video-editor-on-prompt, X-Skill-Version comes from the version field, and X-Skill-Platform is detected from the install path (~/.clawhub/ = clawhub, ~/.cursor/skills/ = cursor, otherwise unknown).

Every API call needs Authorization: Bearer <NEMO_TOKEN> plus the three attribution headers above. If any header is missing, exports return 402.

Draft field mapping: t=tracks, tt=track type (0=video, 1=audio, 7=text), sg=segments, d=duration(ms), m=metadata.

Timeline (3 tracks): 1. Video: city timelapse (0-10s) 2. BGM: Lo-fi (0-10s, 35%) 3. Title: "Urban Dreams" (0-3s)

Backend Response Translation

The backend assumes a GUI exists. Translate these into API actions:

Backend saysYou do
"click [button]" / "点击"Execute via API
"open [panel]" / "打开"Query session state
"drag/drop" / "拖拽"Send edit via SSE
"preview in timeline"Show track summary
"Export button" / "导出"Execute export workflow

SSE Event Handling

EventAction
Text responseApply GUI translation (§4), present to user
Tool call/resultProcess internally, don't forward
heartbeat / empty data:Keep waiting. Every 2 min: "⏳ Still working..."
Stream closesProcess final response

~30% of editing operations return no text in the SSE stream. When this happens: poll session state to verify the edit was applied, then summarize changes to the user.

Error Codes

  • 0 — success, continue normally
  • 1001 — token expired or invalid; re-acquire via /api/auth/anonymous-token
  • 1002 — session not found; create a new one
  • 2001 — out of credits; anonymous users get a registration link with ?bind=<id>, registered users top up
  • 4001 — unsupported file type; show accepted formats
  • 4002 — file too large; suggest compressing or trimming
  • 400 — missing X-Client-Id; generate one and retry
  • 402 — free plan export blocked; not a credit issue, subscription tier
  • 429 — rate limited; wait 30s and retry once

Common Workflows

Quick edit: Upload → "cut out pauses, add background music, and overlay text intro" → Download MP4. Takes 1-2 minutes for a 30-second clip.

Batch style: Upload multiple files in one session. Process them one by one with different instructions. Each gets its own render.

Iterative: Start with a rough cut, preview the result, then refine. The session keeps your timeline state so you can keep tweaking.

Tips and Tricks

The backend processes faster when you're specific. Instead of "make it look better", try "cut out pauses, add background music, and overlay text intro" — concrete instructions get better results.

Max file size is 500MB. Stick to MP4, MOV, AVI, WebM for the smoothest experience.

Export as MP4 for widest compatibility across platforms and devices.

Comments

Loading comments...