ClawHub

Free Motion Video Skill

v1.0.0

animate video clips into motion-enhanced videos with this skill. Works with MP4, MOV, AVI, WebM files up to 500MB. content creators use it for adding cinemat...

0· 61·0 current·0 all-time
by@mory128
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name/description (animate video clips) matches what the SKILL.md instructs (upload video, create session, SSE for edits, render/export endpoints). The single required credential (NEMO_TOKEN) is consistent with a hosted API service.
Instruction Scope
Instructions route user actions to specific API endpoints, handle token acquisition (anonymous-token), store session_id, upload files (multipart or URL), poll render status, and include attribution headers. They also instruct reading this file's YAML frontmatter and detecting install path (~/.clawhub/, ~/.cursor/skills/) to set X-Skill-Platform — reading those paths is not necessary for core functionality and requires inspecting the user's filesystem, which is a minor privacy/scope consideration but not disproportionate.
Install Mechanism
Instruction-only skill with no install spec or code to write. This is low-risk from an installation perspective (nothing is downloaded or executed locally by the skill itself).
Credentials
Only one environment variable is required (NEMO_TOKEN), which is the expected service credential. Metadata also lists a config path (~/.config/nemovideo/), which aligns with storing session or client config; no unrelated credentials or broad secret access is requested.
Persistence & Privilege
always:false and autonomous invocation is allowed (platform default). The skill instructs saving session_id and using tokens for API calls, but it does not demand permanent elevated privileges or changes to other skills' configuration.
Assessment
This skill appears to do what it claims: it uploads videos to an external service (mega-api-prod.nemovideo.ai) and uses a NEMO_TOKEN to authenticate. Before installing, confirm you trust that domain/service and their privacy practices because any video you send will be uploaded off your machine. If you are privacy-conscious: (1) avoid sending sensitive footage, (2) use a temporary or anonymous token rather than long-lived credentials, (3) verify the service's hostname via other sources, and (4) be aware the skill may check common installation paths and a config folder (~/.config/nemovideo/) to set attribution headers. The skill does not request unrelated credentials or install code locally, but because it is instruction-only there is no code to audit — treat the network endpoints it calls as the primary trust boundary.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ck5fs9gpcr8s9bbvw11nynn84mtr2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎥 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments