ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Image To Video Joyfun

v1.0.0

Get animated video clips ready to post, without touching a single slider. Upload your still images (JPG, PNG, WEBP, GIF, up to 200MB), say something like "an...

0· 58·0 current·0 all-time
bypeandrover adam@peand-rover

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for peand-rover/image-to-video-joyfun.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Image To Video Joyfun" (peand-rover/image-to-video-joyfun) from ClawHub.
Skill page: https://clawhub.ai/peand-rover/image-to-video-joyfun
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: NEMO_TOKEN
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install image-to-video-joyfun

ClawHub CLI

Package manager switcher

npx clawhub@latest install image-to-video-joyfun
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared primary credential (NEMO_TOKEN) and the SKILL.md's API endpoints align with an external 'image→video' service. However, the metadata also declares a config path (~/.config/nemovideo/) and asks the agent to auto-detect an install path/platform for an attribution header — neither is explained by the description or by the runtime instructions. That extra request for local config/paths is unexpected for a purely cloud-based rendering service.
Instruction Scope
Instructions are explicit and focused: check for NEMO_TOKEN, optionally obtain an anonymous token from the remote API, create a session, upload images, drive edits via SSE, poll render status, and fetch a download URL. All of these are coherent with remote rendering and the stated purpose. The skill instructs hiding raw API responses/tokens from the user and requires attribution headers; no instructions ask the agent to read unrelated system files or other credentials.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, so it does not write code or binaries to disk. This is the lowest-risk install model.
!
Credentials
Only one environment variable (NEMO_TOKEN) is declared and is appropriate for an API-driven service. The concern is the metadata's configPaths (~/.config/nemovideo/) and the requirement to auto-detect an install path/platform for a header — those imply potential access to local filesystem or agent install metadata that is not necessary for the core task and is not described in the instructions.
Persistence & Privilege
The skill is not always-enabled and does not request elevated/system-wide persistence. It does instruct storing a session_id for subsequent API calls (normal for a session-oriented API). Autonomous invocation is allowed (platform default) but not combined with other high-risk privileges.
What to consider before installing
This skill appears to be an instruction-only connector to a third-party video-rendering API and will upload your images to mega-api-prod.nemovideo.ai and may create an anonymous token on that service if you don't provide one. Things to consider before installing: (1) privacy — uploaded images will be sent to an external service; avoid sending sensitive images. (2) Token handling — the skill will accept a user-provided NEMO_TOKEN or request an anonymous token on your behalf; if you prefer control, set your own token in the environment. (3) Unexpected metadata — the skill declares a local config path (~/.config/nemovideo/) and asks to auto-detect platform/install path for headers; confirm whether the agent will actually read local files or install metadata before granting filesystem access. (4) If you need stronger assurances, ask the author for a privacy policy, an explanation of why local config/install-path detection is needed, or request a version that does not auto-generate tokens or touch local paths.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎞️ Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN
latestvk97erj87whf5sr94dhgqm40pxh84xfn6
58downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
peandrover adam@peand-rover
latest
Download

Getting Started

Got still images to work with? Send it over and tell me what you need — I'll take care of the AI video creation.

Try saying:

  • "convert a single product photo or illustration into a 1080p MP4"
  • "animate this image into a 5-second video clip with smooth motion"
  • "turning static images into short animated videos for social media creators"

First-Time Connection

When a user first opens this skill, connect to the processing backend automatically. Briefly let them know (e.g. "Setting up...").

Authentication: Check if NEMO_TOKEN is set in the environment. If it is, skip to step 2.

  1. Obtain a free token: Generate a random UUID as client identifier. POST to https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token with header X-Client-Id set to that UUID. The response data.token is your NEMO_TOKEN — 100 free credits, valid 7 days.
  2. Create a session: POST to https://mega-api-prod.nemovideo.ai/api/tasks/me/with-session/nemo_agent with Authorization: Bearer <token>, Content-Type: application/json, and body {"task_name":"project","language":"<detected>"}. Store the returned session_id for all subsequent requests.

Keep setup communication brief. Don't display raw API responses or token values to the user.

Image to Video Joyfun — Convert Images Into Video Clips

Send me your still images and describe the result you want. The AI video creation runs on remote GPU nodes — nothing to install on your machine.

A quick example: upload a single product photo or illustration, type "animate this image into a 5-second video clip with smooth motion", and you'll get a 1080p MP4 back in roughly 30-60 seconds. All rendering happens server-side.

Worth noting: higher contrast images with clear subjects animate more smoothly.

Matching Input to Actions

User prompts referencing image to video joyfun, aspect ratio, text overlays, or audio tracks get routed to the corresponding action via keyword and intent classification.

User says...ActionSkip SSE?
"export" / "导出" / "download" / "send me the video"→ §3.5 Export
"credits" / "积分" / "balance" / "余额"→ §3.3 Credits
"status" / "状态" / "show tracks"→ §3.4 State
"upload" / "上传" / user sends file→ §3.2 Upload
Everything else (generate, edit, add BGM…)→ §3.1 SSE

Cloud Render Pipeline Details

Each export job queues on a cloud GPU node that composites video layers, applies platform-spec compression (H.264, up to 1080x1920), and returns a download URL within 30-90 seconds. The session token carries render job IDs, so closing the tab before completion orphans the job.

All calls go to https://mega-api-prod.nemovideo.ai. The main endpoints:

  1. SessionPOST /api/tasks/me/with-session/nemo_agent with {"task_name":"project","language":"<lang>"}. Gives you a session_id.
  2. Chat (SSE)POST /run_sse with session_id and your message in new_message.parts[0].text. Set Accept: text/event-stream. Up to 15 min.
  3. UploadPOST /api/upload-video/nemo_agent/me/<sid> — multipart file or JSON with URLs.
  4. CreditsGET /api/credits/balance/simple — returns available, frozen, total.
  5. StateGET /api/state/nemo_agent/me/<sid>/latest — current draft and media info.
  6. ExportPOST /api/render/proxy/lambda with render ID and draft JSON. Poll GET /api/render/proxy/lambda/<id> every 30s for completed status and download URL.

Formats: mp4, mov, avi, webm, mkv, jpg, png, gif, webp, mp3, wav, m4a, aac.

Three attribution headers are required on every request and must match this file's frontmatter:

HeaderValue
X-Skill-Sourceimage-to-video-joyfun
X-Skill-Versionfrontmatter version
X-Skill-Platformauto-detect: clawhub / cursor / unknown from install path

Include Authorization: Bearer <NEMO_TOKEN> and all attribution headers on every request — omitting them triggers a 402 on export.

Draft JSON uses short keys: t for tracks, tt for track type (0=video, 1=audio, 7=text), sg for segments, d for duration in ms, m for metadata.

Example timeline summary:

Timeline (3 tracks): 1. Video: city timelapse (0-10s) 2. BGM: Lo-fi (0-10s, 35%) 3. Title: "Urban Dreams" (0-3s)

Translating GUI Instructions

The backend responds as if there's a visual interface. Map its instructions to API calls:

  • "click" or "点击" → execute the action via the relevant endpoint
  • "open" or "打开" → query session state to get the data
  • "drag/drop" or "拖拽" → send the edit command through SSE
  • "preview in timeline" → show a text summary of current tracks
  • "Export" or "导出" → run the export workflow

SSE Event Handling

EventAction
Text responseApply GUI translation (§4), present to user
Tool call/resultProcess internally, don't forward
heartbeat / empty data:Keep waiting. Every 2 min: "⏳ Still working..."
Stream closesProcess final response

~30% of editing operations return no text in the SSE stream. When this happens: poll session state to verify the edit was applied, then summarize changes to the user.

Error Codes

  • 0 — success, continue normally
  • 1001 — token expired or invalid; re-acquire via /api/auth/anonymous-token
  • 1002 — session not found; create a new one
  • 2001 — out of credits; anonymous users get a registration link with ?bind=<id>, registered users top up
  • 4001 — unsupported file type; show accepted formats
  • 4002 — file too large; suggest compressing or trimming
  • 400 — missing X-Client-Id; generate one and retry
  • 402 — free plan export blocked; not a credit issue, subscription tier
  • 429 — rate limited; wait 30s and retry once

Tips and Tricks

The backend processes faster when you're specific. Instead of "make it look better", try "animate this image into a 5-second video clip with smooth motion" — concrete instructions get better results.

Max file size is 200MB. Stick to JPG, PNG, WEBP, GIF for the smoothest experience.

Use PNG images for cleaner edges and better animation output quality.

Common Workflows

Quick edit: Upload → "animate this image into a 5-second video clip with smooth motion" → Download MP4. Takes 30-60 seconds for a 30-second clip.

Batch style: Upload multiple files in one session. Process them one by one with different instructions. Each gets its own render.

Iterative: Start with a rough cut, preview the result, then refine. The session keeps your timeline state so you can keep tweaking.

Comments

Loading comments...