ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Animated Video Maker Ai

v1.0.0

Cloud-based animated-video-maker-ai tool that handles creating animated explainer or promo videos from text and images. Upload PNG, JPG, MP4, MOV files (up t...

0· 68·0 current·0 all-time
bypeandrover adam@peand-rover
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the runtime instructions (session creation, uploads, render/export endpoints) and the single required credential (NEMO_TOKEN) is expected. However, the skill's YAML frontmatter lists a config path (~/.config/nemovideo/) and the SKILL.md describes detecting install paths (~/.clawhub/, ~/.cursor/skills/) to set an X-Skill-Platform header; these filesystem checks are not necessary for the stated purpose and conflict with the registry metadata that listed no required config paths.
Instruction Scope
Instructions are explicit about creating a session, uploading media, reading SSE streams, polling render status, and generating an anonymous token if NEMO_TOKEN is absent—these are appropriate. They also instruct deriving platform attribution by checking local install paths and reference a config directory in metadata; that suggests the agent may inspect user home paths, which is beyond what a purely API-based video renderer strictly needs.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, which limits what gets written or executed on-disk.
Credentials
Only NEMO_TOKEN is declared as required (primary credential), which is proportionate. Minor inconsistency: the SKILL.md metadata references a config path (~/.config/nemovideo/) that could imply reading local config files; that was not declared in the registry requirements and isn't justified by the description.
Persistence & Privilege
Skill does not request always:true and does not instruct changing other skills or system-wide settings. Autonomy (model invocation) is enabled by default but not combined with excessive privileges.
What to consider before installing
This skill mostly does what it says: it talks to a remote rendering API, uploads media, and returns a finished MP4 using a single NEMO_TOKEN. Before installing, consider: (1) Do not supply a long-lived or high-privilege token unless you trust the service—use the anonymous flow if possible. (2) The skill's metadata and instructions mention checking ~/.config/nemovideo/ and install paths (~/.clawhub/, ~/.cursor/skills/); ask the author why it needs to probe your home directory and whether it will read any files there. (3) The backend host (mega-api-prod.nemovideo.ai) is external and the source is unknown—if you need stronger assurance, request the skill's code or a privacy/security policy from the publisher. (4) Test with non-sensitive media and content first. These inconsistencies are suspicious but not definitive evidence of malicious intent; request clarification from the owner or decline if you are uncomfortable supplying credentials or allowing filesystem checks.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎬 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN
latestvk971me5p2bbvpaqrkysphbd9wd84jgh5
68downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
peandrover adam@peand-rover
latest
Download

Getting Started

Send me your text or images and I'll handle the AI animation creation. Or just describe what you're after.

Try saying:

  • "create a short script or three product images into a 1080p MP4"
  • "turn my product description into a 30-second animated explainer video"
  • "creating animated explainer or promo videos from text and images for marketers, educators, social media creators"

Getting Connected

Before handling any user request, establish a connection to the backend API. Show a brief status like "Connecting...".

If NEMO_TOKEN is in the environment, use it directly and create a session. Otherwise, acquire a free starter token:

  • Generate a UUID as client identifier
  • POST to https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token with the X-Client-Id header
  • The response includes a token with 100 free credits valid for 7 days — use it as NEMO_TOKEN

Then create a session by POSTing to https://mega-api-prod.nemovideo.ai/api/tasks/me/with-session/nemo_agent with Bearer authorization and body {"task_name":"project","language":"en"}. The session_id in the response is needed for all following requests.

Tell the user you're ready. Keep the technical details out of the chat.

Animated Video Maker AI — Create Animated Videos from Text

Send me your text or images and describe the result you want. The AI animation creation runs on remote GPU nodes — nothing to install on your machine.

A quick example: upload a short script or three product images, type "turn my product description into a 30-second animated explainer video", and you'll get a 1080p MP4 back in roughly 1-2 minutes. All rendering happens server-side.

Worth noting: shorter scripts under 60 seconds produce tighter, more focused animations.

Matching Input to Actions

User prompts referencing animated video maker ai, aspect ratio, text overlays, or audio tracks get routed to the corresponding action via keyword and intent classification.

User says...ActionSkip SSE?
"export" / "导出" / "download" / "send me the video"→ §3.5 Export
"credits" / "积分" / "balance" / "余额"→ §3.3 Credits
"status" / "状态" / "show tracks"→ §3.4 State
"upload" / "上传" / user sends file→ §3.2 Upload
Everything else (generate, edit, add BGM…)→ §3.1 SSE

Cloud Render Pipeline Details

Each export job queues on a cloud GPU node that composites video layers, applies platform-spec compression (H.264, up to 1080x1920), and returns a download URL within 30-90 seconds. The session token carries render job IDs, so closing the tab before completion orphans the job.

All calls go to https://mega-api-prod.nemovideo.ai. The main endpoints:

  1. SessionPOST /api/tasks/me/with-session/nemo_agent with {"task_name":"project","language":"<lang>"}. Gives you a session_id.
  2. Chat (SSE)POST /run_sse with session_id and your message in new_message.parts[0].text. Set Accept: text/event-stream. Up to 15 min.
  3. UploadPOST /api/upload-video/nemo_agent/me/<sid> — multipart file or JSON with URLs.
  4. CreditsGET /api/credits/balance/simple — returns available, frozen, total.
  5. StateGET /api/state/nemo_agent/me/<sid>/latest — current draft and media info.
  6. ExportPOST /api/render/proxy/lambda with render ID and draft JSON. Poll GET /api/render/proxy/lambda/<id> every 30s for completed status and download URL.

Formats: mp4, mov, avi, webm, mkv, jpg, png, gif, webp, mp3, wav, m4a, aac.

Headers are derived from this file's YAML frontmatter. X-Skill-Source is animated-video-maker-ai, X-Skill-Version comes from the version field, and X-Skill-Platform is detected from the install path (~/.clawhub/ = clawhub, ~/.cursor/skills/ = cursor, otherwise unknown).

All requests must include: Authorization: Bearer <NEMO_TOKEN>, X-Skill-Source, X-Skill-Version, X-Skill-Platform. Missing attribution headers will cause export to fail with 402.

Draft JSON uses short keys: t for tracks, tt for track type (0=video, 1=audio, 7=text), sg for segments, d for duration in ms, m for metadata.

Example timeline summary:

Timeline (3 tracks): 1. Video: city timelapse (0-10s) 2. BGM: Lo-fi (0-10s, 35%) 3. Title: "Urban Dreams" (0-3s)

Backend Response Translation

The backend assumes a GUI exists. Translate these into API actions:

Backend saysYou do
"click [button]" / "点击"Execute via API
"open [panel]" / "打开"Query session state
"drag/drop" / "拖拽"Send edit via SSE
"preview in timeline"Show track summary
"Export button" / "导出"Execute export workflow

Reading the SSE Stream

Text events go straight to the user (after GUI translation). Tool calls stay internal. Heartbeats and empty data: lines mean the backend is still working — show "⏳ Still working..." every 2 minutes.

About 30% of edit operations close the stream without any text. When that happens, poll /api/state to confirm the timeline changed, then tell the user what was updated.

Error Codes

  • 0 — success, continue normally
  • 1001 — token expired or invalid; re-acquire via /api/auth/anonymous-token
  • 1002 — session not found; create a new one
  • 2001 — out of credits; anonymous users get a registration link with ?bind=<id>, registered users top up
  • 4001 — unsupported file type; show accepted formats
  • 4002 — file too large; suggest compressing or trimming
  • 400 — missing X-Client-Id; generate one and retry
  • 402 — free plan export blocked; not a credit issue, subscription tier
  • 429 — rate limited; wait 30s and retry once

Common Workflows

Quick edit: Upload → "turn my product description into a 30-second animated explainer video" → Download MP4. Takes 1-2 minutes for a 30-second clip.

Batch style: Upload multiple files in one session. Process them one by one with different instructions. Each gets its own render.

Iterative: Start with a rough cut, preview the result, then refine. The session keeps your timeline state so you can keep tweaking.

Tips and Tricks

The backend processes faster when you're specific. Instead of "make it look better", try "turn my product description into a 30-second animated explainer video" — concrete instructions get better results.

Max file size is 200MB. Stick to PNG, JPG, MP4, MOV for the smoothest experience.

Export as MP4 for widest compatibility across social platforms and presentations.

Comments

Loading comments...