Domo Ai
PassAudited by ClawScan on May 13, 2026.
Overview
This appears to be a disclosed remote video-generation connector, but it sends selected media and service session data to an external NemoVideo backend.
This skill is reasonable for cloud AI video generation if you trust the NemoVideo backend. Before installing, understand that selected media, prompts, session identifiers, and render jobs are sent to a remote service, and verify the publisher/provider if you plan to use private or sensitive images and videos.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can create and use a NemoVideo service session and may consume or manage service credits/jobs tied to that token.
The skill uses a bearer token and can create an anonymous service token if one is not already present. This is expected for the cloud rendering service, but it gives the agent delegated access to that service session.
Check if `NEMO_TOKEN` is set... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... The response `data.token` is your NEMO_TOKEN
Use a token intended for this service only, avoid sharing it, and revoke or rotate it if you no longer trust the skill or provider.
Photos, videos, prompts, and generated outputs may be processed by the external NemoVideo service.
The skill sends user-provided image, video, and other media files to an external backend for processing. This is central to the stated purpose and is disclosed.
**API base**: `https://mega-api-prod.nemovideo.ai` ... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`
Only upload media you are comfortable sending to that provider, especially if it contains faces, private locations, copyrighted content, or confidential material.
The provider backend can influence actions such as querying state, editing the draft, or exporting a video within the active session.
The instructions let backend responses trigger scoped API actions inside the video-generation workflow. This appears purpose-aligned, but it means remote backend messages help drive agent actions.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Review generated edits and exports before using or sharing the final video, and avoid treating backend responses as approval for unrelated actions.
It may be harder to independently verify who maintains the integration or whether the NemoVideo backend is the intended provider for this Domo AI skill.
The skill has no provided source repository or homepage, while it depends on a remote service API. This is a provenance limitation rather than evidence of malicious behavior.
Source: unknown; Homepage: none
Verify the publisher and service endpoint before uploading sensitive media or relying on the generated outputs.