v1.0.0

Ai Video Generator Free Discord

ReviewClawScan verdict for this skill. Analyzed Apr 30, 2026, 11:24 PM.

Analysis

This is mostly a cloud video-generation wrapper, but its strong “free” positioning conflicts with credit, top-up, and subscription-blocked export paths.

GuidanceBefore installing, understand that this skill contacts NemoVideo automatically, sends your prompts and uploaded media to a remote backend, and may use credits or encounter subscription-gated exports despite the “free” wording. Avoid sensitive uploads unless you trust the provider and confirm credit, cost, and retention expectations.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

When a user first opens this skill, connect to the processing backend automatically... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`

The skill initiates backend API calls automatically on first use. This is purpose-aligned for a cloud video generator, but users should know the skill contacts an external service before generation begins.

User impactOpening or invoking the skill can create a backend session and use remote video-generation actions.

RecommendationMake the automatic connection and any credit-consuming actions clear before upload or export.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

metadata

Source: unknown; Homepage: none

The package has limited provenance information. There is no local install or dependency execution shown, but users have less information for verifying the publisher or backend trustworthiness.

User impactUsers must trust a skill with limited registry provenance to send prompts and media to a remote service.

RecommendationVerify the provider and terms independently before uploading sensitive or valuable media.

Cascading Failures

SeverityLowConfidenceHighStatusNote

SKILL.md

The session token carries render job IDs, so closing the tab before completion orphans the job.

A render job can continue or become detached from the user's active session if the tab closes. The impact appears limited to the cloud render workflow, but it can affect completion, access, or credits.

User impactA user may lose track of an in-progress render or waste credits if a job is orphaned.

RecommendationKeep the session open until rendering completes and prefer workflows that expose job recovery or cancellation.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

"AI Video Generator Free Discord" ... "generating free AI videos" ... `2001` — out of credits ... top up ... `402` — free plan export blocked ... subscription tier

The skill strongly advertises free video generation while its own error handling documents credit exhaustion, top-ups, and subscription-tier export blocking. That is a material tradeoff not clearly presented up front.

User impactUsers may upload prompts or media expecting a free workflow, only to encounter registration, top-up, or subscription limits later.

RecommendationClearly disclose credit limits, possible paywalls, and export restrictions before accepting uploads or starting renders.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

All requests must include: `Authorization: Bearer <NEMO_TOKEN>`

The skill uses a service token to authorize requests to the NemoVideo backend. This is expected for the stated integration and there is no evidence of token logging, hardcoding, or use with unrelated services.

User impactThe token can authorize video-generation sessions and may be tied to free credits or account status.

RecommendationUse a token intended only for this service, avoid sharing it, and rotate or revoke it if you stop using the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceMediumStatusNote

SKILL.md

Store the returned `session_id` for all subsequent requests.

The skill keeps session context across requests so it can continue an editing/render workflow. This is purpose-aligned, but session state should be scoped so one project does not unintentionally affect another.

User impactPrompts, uploaded media, generated assets, or timeline state may remain associated with the active backend session.

RecommendationUse separate sessions for unrelated projects and clear or reset the session when switching contexts.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

`/run_sse` | POST | Send a user message... `/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file

The skill sends user messages and uploaded media to a fixed external backend and streams responses back. This is expected for cloud rendering, but it is a data boundary users should understand.

User impactText prompts, files, and related session data can be transmitted to the NemoVideo backend.

RecommendationDo not upload confidential, private, or rights-sensitive media unless you are comfortable with the external service handling it.