Ai Subtitle Generator Tiktok
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Videos provided to the skill may be sent to NemoVideo's cloud service for processing.
The skill directs the agent to upload user-selected video files or URLs to an external processing API, which is necessary for cloud subtitle generation but is still a third-party data transfer.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Only upload videos you are comfortable sending to that service, and review the final export before sharing it.
The agent can use the NemoVideo token to create sessions, upload media, check credits, and render videos under that token.
The skill uses a provider token for authenticated API calls. This is expected for the integration and the artifact says not to print tokens, but the token still represents delegated access to the service.
**Free token**: Generate a UUID as client identifier, then POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... The response field `data.token` becomes your NEMO_TOKEN... **All requests** must include: `Authorization: Bearer <NEMO_TOKEN>`
Use a scoped or disposable token when possible, do not paste tokens into public chats, and rotate the token if it is exposed.
The remote backend may cause the agent to perform additional edit, state, or export steps during a video-generation task.
The skill tells the agent to treat backend GUI-style responses as instructions for API actions. This is purpose-aligned for a GUI-backed video editor, but it means remote service responses can trigger follow-up actions within the session.
Backend Response Translation... `"click [button]" / "点击" | Execute via API` ... `"Export button" / "导出" | Execute export workflow`
Keep requests limited to the intended video-editing task and review summaries or outputs before relying on the result.
Project details and generated media may persist in the provider's session state while rendering or editing continues.
The workflow stores project draft, video information, and generated media in a remote session. This is normal for cloud rendering, but retention and reuse boundaries are not described in the provided artifact.
Session state: GET `/api/state/nemo_agent/me/<sid>/latest` — key fields: `data.state.draft`, `data.state.video_infos`, `data.state.generated_media`
Avoid uploading highly sensitive videos unless you trust the provider's retention and privacy practices.