Ai Cartoon Video
ReviewAudited by ClawScan on May 11, 2026.
Overview
This instruction-only skill is coherent for cloud cartoon-video conversion, but it sends user-provided media to a third-party API and uses or creates a NemoVideo bearer token.
This appears suitable if you want cloud-based cartoon video conversion and are comfortable sending selected media to mega-api-prod.nemovideo.ai. Before installing, verify the provider if possible, protect your NEMO_TOKEN, and ask for confirmation before uploads or exports involving sensitive files.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken request or unclear confirmation could start cloud processing or an export for media you provide.
The skill directs the agent to call remote edit/render/export APIs. These actions are central to the cartoon-video purpose, but they can start jobs and consume service credits.
`/run_sse` ... Send a user message ... `/api/render/proxy/lambda` ... Start export ... Poll status every 30s.
Use the skill only for intended files and ask the agent to confirm before uploads, exports, or credit-consuming operations.
The token may authorize API use, credits, sessions, and exports on the NemoVideo service.
The skill uses a bearer token for NemoVideo API access or creates an anonymous token. This is expected for the service integration, with no artifact evidence of leaking or using the token for unrelated services.
If `NEMO_TOKEN` is in the environment, use it directly ... Otherwise, acquire a free starter token ... Every API call needs `Authorization: Bearer <NEMO_TOKEN>`.
Keep NEMO_TOKEN private, use the least-privileged/account-specific token available, and rotate or revoke it if you no longer trust the skill.
Videos, images, audio, URLs, and prompts you provide may be sent to the external NemoVideo service.
User-selected media is intentionally uploaded to the NemoVideo cloud API for processing. This is purpose-aligned and disclosed, but the visible artifacts do not provide privacy or retention terms.
I'll handle the AI cartoon style conversion on cloud GPUs ... `/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file (multipart) or URL.
Do not upload private or sensitive media unless you trust the provider and are comfortable with its cloud processing and retention practices.
You have less independent information for deciding whether to trust the skill before sending media or tokens to its backend.
There is no local code or installer to inspect, which reduces install risk, but the package provenance and provider identity are harder for a user to verify.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify the author/service out of band if possible, especially before uploading sensitive content or using a paid token.
You may receive a simple readiness message without seeing all backend connection details.
The instruction favors a simplified user experience and does not by itself show deception, but it could mean users are not proactively told about token/session setup unless they ask.
Tell the user you're ready. Keep the technical details out of the chat.
Ask the agent to disclose when it connects, uploads files, creates sessions, or starts exports if you want more transparency.