ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Image To Video Tiktok

v1.0.0

Get TikTok-ready video ready to post, without touching a single slider. Upload your static images (JPG, PNG, WEBP, HEIC, up to 200MB), say something like "tu...

0· 80·0 current·0 all-time
bypeandrover adam@peand-rover

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for peand-rover/image-to-video-tiktok.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Image To Video Tiktok" (peand-rover/image-to-video-tiktok) from ClawHub.
Skill page: https://clawhub.ai/peand-rover/image-to-video-tiktok
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: NEMO_TOKEN
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install image-to-video-tiktok

ClawHub CLI

Package manager switcher

npx clawhub@latest install image-to-video-tiktok
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description align with the runtime instructions: it uploads images and uses a cloud backend (mega-api-prod.nemovideo.ai) to produce MP4s. The declared primary credential (NEMO_TOKEN) makes sense. However, the SKILL.md frontmatter includes a configPaths entry (~/.config/nemovideo/) while the registry metadata lists no required config paths — that mismatch is unexpected and could indicate sloppy packaging.
Instruction Scope
Instructions remain within the stated purpose: create sessions, upload images, handle SSE, poll for renders, and return download URLs. Important privacy/behavior notes: the agent is instructed to upload user images to a third-party cloud service and may create or fetch an anonymous NEMO_TOKEN if none is present (POST to /api/auth/anonymous-token). The skill explicitly tells the agent not to expose tokens, but it will transmit user media and metadata to nemovideo.ai — this is expected for the feature but is a meaningful data flow to an external service.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low risk from an install/execution-supply perspective (nothing is downloaded or written by an installer).
Credentials
Only one environment variable is required (NEMO_TOKEN), which is proportional to a cloud-API integration. The frontmatter also references a config path (~/.config/nemovideo/) that could contain credentials; the registry metadata did not list this path — that mismatch should be clarified. The skill will also obtain an anonymous token from the backend if no NEMO_TOKEN is present (network call), which is expected but worth noting.
Persistence & Privilege
No elevated persistence requested: always:false, no install, and no instructions to modify other skills or system-wide agent settings. The skill does not request permanent platform-wide privileges.
What to consider before installing
This skill uploads whatever images you provide to a third-party backend (mega-api-prod.nemovideo.ai) and uses a bearer token (NEMO_TOKEN) to authenticate; if you don't supply a token it will obtain an anonymous one for you. Before installing or using it: 1) Confirm you trust nemovideo.ai with the images and any metadata (do not upload sensitive photos). 2) Decide whether to provide your own NEMO_TOKEN or allow the skill to create an anonymous token (anonymous tokens appear to expire after 7 days and may have limited credits). 3) Ask the publisher to clarify the configPaths discrepancy (SKILL.md references ~/.config/nemovideo/ but the registry metadata lists none). 4) Check the service's privacy/retention policy and how to revoke tokens if you later decide to stop using the skill. The inconsistencies look like sloppy packaging rather than obvious malice, but exercise caution with private or sensitive content.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN
latestvk978r3kch4kxqqcxwkhtj1ch9984qqj6
80downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
peandrover adam@peand-rover
latest
Download

Getting Started

Send me your static images and I'll handle the AI video creation. Or just describe what you're after.

Try saying:

  • "convert three product or lifestyle photos in JPG format into a 1080p MP4"
  • "turn my photos into a 15-second TikTok video with transitions and music"
  • "turning photos into short TikTok videos for TikTok creators"

Quick Start Setup

This skill connects to a cloud processing backend. On first use, set up the connection automatically and let the user know ("Connecting...").

Token check: Look for NEMO_TOKEN in the environment. If found, skip to session creation. Otherwise:

  • Generate a UUID as client identifier
  • POST https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token with X-Client-Id header
  • Extract data.token from the response — this is your NEMO_TOKEN (100 free credits, 7-day expiry)

Session: POST https://mega-api-prod.nemovideo.ai/api/tasks/me/with-session/nemo_agent with Bearer auth and body {"task_name":"project"}. Keep the returned session_id for all operations.

Let the user know with a brief "Ready!" when setup is complete. Don't expose tokens or raw API output.

Image to Video TikTok — Convert Photos into TikTok Videos

Drop your static images in the chat and tell me what you need. I'll handle the AI video creation on cloud GPUs — you don't need anything installed locally.

Here's a typical use: you send a three product or lifestyle photos in JPG format, ask for turn my photos into a 15-second TikTok video with transitions and music, and about 30-60 seconds later you've got a MP4 file ready to download. The whole thing runs at 1080p by default.

One thing worth knowing — use vertical 9:16 images for best TikTok framing with no cropping.

Matching Input to Actions

User prompts referencing image to video tiktok, aspect ratio, text overlays, or audio tracks get routed to the corresponding action via keyword and intent classification.

User says...ActionSkip SSE?
"export" / "导出" / "download" / "send me the video"→ §3.5 Export
"credits" / "积分" / "balance" / "余额"→ §3.3 Credits
"status" / "状态" / "show tracks"→ §3.4 State
"upload" / "上传" / user sends file→ §3.2 Upload
Everything else (generate, edit, add BGM…)→ §3.1 SSE

Cloud Render Pipeline Details

Each export job queues on a cloud GPU node that composites video layers, applies platform-spec compression (H.264, up to 1080x1920), and returns a download URL within 30-90 seconds. The session token carries render job IDs, so closing the tab before completion orphans the job.

All calls go to https://mega-api-prod.nemovideo.ai. The main endpoints:

  1. SessionPOST /api/tasks/me/with-session/nemo_agent with {"task_name":"project","language":"<lang>"}. Gives you a session_id.
  2. Chat (SSE)POST /run_sse with session_id and your message in new_message.parts[0].text. Set Accept: text/event-stream. Up to 15 min.
  3. UploadPOST /api/upload-video/nemo_agent/me/<sid> — multipart file or JSON with URLs.
  4. CreditsGET /api/credits/balance/simple — returns available, frozen, total.
  5. StateGET /api/state/nemo_agent/me/<sid>/latest — current draft and media info.
  6. ExportPOST /api/render/proxy/lambda with render ID and draft JSON. Poll GET /api/render/proxy/lambda/<id> every 30s for completed status and download URL.

Formats: mp4, mov, avi, webm, mkv, jpg, png, gif, webp, mp3, wav, m4a, aac.

Three attribution headers are required on every request and must match this file's frontmatter:

HeaderValue
X-Skill-Sourceimage-to-video-tiktok
X-Skill-Versionfrontmatter version
X-Skill-Platformauto-detect: clawhub / cursor / unknown from install path

All requests must include: Authorization: Bearer <NEMO_TOKEN>, X-Skill-Source, X-Skill-Version, X-Skill-Platform. Missing attribution headers will cause export to fail with 402.

Draft JSON uses short keys: t for tracks, tt for track type (0=video, 1=audio, 7=text), sg for segments, d for duration in ms, m for metadata.

Example timeline summary:

Timeline (3 tracks): 1. Video: city timelapse (0-10s) 2. BGM: Lo-fi (0-10s, 35%) 3. Title: "Urban Dreams" (0-3s)

Translating GUI Instructions

The backend responds as if there's a visual interface. Map its instructions to API calls:

  • "click" or "点击" → execute the action via the relevant endpoint
  • "open" or "打开" → query session state to get the data
  • "drag/drop" or "拖拽" → send the edit command through SSE
  • "preview in timeline" → show a text summary of current tracks
  • "Export" or "导出" → run the export workflow

SSE Event Handling

EventAction
Text responseApply GUI translation (§4), present to user
Tool call/resultProcess internally, don't forward
heartbeat / empty data:Keep waiting. Every 2 min: "⏳ Still working..."
Stream closesProcess final response

~30% of editing operations return no text in the SSE stream. When this happens: poll session state to verify the edit was applied, then summarize changes to the user.

Error Codes

  • 0 — success, continue normally
  • 1001 — token expired or invalid; re-acquire via /api/auth/anonymous-token
  • 1002 — session not found; create a new one
  • 2001 — out of credits; anonymous users get a registration link with ?bind=<id>, registered users top up
  • 4001 — unsupported file type; show accepted formats
  • 4002 — file too large; suggest compressing or trimming
  • 400 — missing X-Client-Id; generate one and retry
  • 402 — free plan export blocked; not a credit issue, subscription tier
  • 429 — rate limited; wait 30s and retry once

Tips and Tricks

The backend processes faster when you're specific. Instead of "make it look better", try "turn my photos into a 15-second TikTok video with transitions and music" — concrete instructions get better results.

Max file size is 200MB. Stick to JPG, PNG, WEBP, HEIC for the smoothest experience.

Export as MP4 with H.264 codec for direct TikTok upload compatibility.

Common Workflows

Quick edit: Upload → "turn my photos into a 15-second TikTok video with transitions and music" → Download MP4. Takes 30-60 seconds for a 30-second clip.

Batch style: Upload multiple files in one session. Process them one by one with different instructions. Each gets its own render.

Iterative: Start with a rough cut, preview the result, then refine. The session keeps your timeline state so you can keep tweaking.

Comments

Loading comments...