Heygen Ai

The skill exhibits brand impersonation, claiming to be 'HeyGen AI' while directing all API traffic to an unrelated domain (nemovideo.ai). It includes instructions for the agent to fingerprint the user's environment by checking installation paths (e.g., `~/.cursor/skills/`) and requests access to local configuration directories (`~/.config/nemovideo/`). While the core functionality appears to be a video generation wrapper, the deceptive naming and environment probing are significant indicators of suspicious intent. IOC: mega-api-prod.nemovideo.ai.