Easy Ai Video
v1.0.0content creators and marketers create raw video footage into polished MP4 videos using this skill. Accepts MP4, MOV, AVI, WebM up to 500MB, renders on cloud...
⭐ 0· 63·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description map to the declared runtime behavior: the SKILL.md calls out a remote Nemo video API, upload and render endpoints, and a single credential NEMO_TOKEN. That credential and network calls are appropriate for a cloud video-rendering skill. One small mismatch: the metadata requests access to a config path (~/.config/nemovideo/) which is plausible for storing tokens but is not explained in the prose; this should be confirmed.
Instruction Scope
The instructions stay within the stated purpose (create/edit/render videos) and specify exactly which API endpoints to call, how to upload files, and how to poll renders. They also instruct reading the skill's YAML frontmatter and detecting the agent install path to set an attribution header — this implies the agent will inspect its own install path and the skill file at runtime. That is within scope for attribution but is a filesystem access you should be aware of.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is downloaded or written by an installer step. This is the lowest install risk.
Credentials
Only one declared secret (NEMO_TOKEN / primary credential) is required, which is proportional for a remote API. The SKILL.md also defines a flow to create an anonymous token if NEMO_TOKEN is absent. The metadata's configPaths entry suggests the skill may read/write ~/.config/nemovideo/, which is plausible for persisting tokens but is not justified explicitly and could expose other stored data in that directory.
Persistence & Privilege
always:false (normal). The skill instructs saving session_id and token values for continued sessions and may persist them (implied by configPaths). Persisting credentials/session state for convenience is expected for a long-running service, but it increases the impact of any compromise — confirm where/how tokens are stored and how long they live (anonymous tokens expire in 7 days per the doc).
Assessment
This skill appears to do what it says: upload user video files to nemo video cloud APIs and return rendered MP4s. Before installing: (1) Confirm you trust the endpoint host (mega-api-prod.nemovideo.ai) — the skill will send uploaded videos there. (2) Only provide a NEMO_TOKEN scoped for this service (don't reuse high-privilege or unrelated credentials). (3) The skill can generate and persist anonymous tokens and session IDs and may read/write ~/.config/nemovideo/ or inspect its install path for attribution — if you have sensitive data in that config folder, review what the skill will store there. (4) If you need stronger privacy guarantees, test with non-sensitive/dummy videos first, request the provider's privacy/retention policy or a homepage, and consider not installing if you cannot verify the service owner. If you want, ask the publisher for a homepage or source repo and clarify exactly what gets persisted and where.Like a lobster shell, security has layers — review code before you run it.
latestvk971687kwshfbe8d163zh76tqx84jssv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎬 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN