Italiano Photo Video
ReviewAudited by ClawScan on May 11, 2026.
Overview
This instruction-only skill appears to match its stated purpose, but it sends user-selected media to an external NemoVideo cloud service and uses a provider token/session.
Before installing, be comfortable with sending selected photos, videos, audio, and editing prompts to NemoVideo's cloud API. The provided artifacts do not show local code execution or malicious behavior, but the skill relies on a provider token, external processing, and cloud session state.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use a NemoVideo token or create an anonymous one to access credits, sessions, uploads, and exports for that service.
The skill uses a provider token for authenticated access to the NemoVideo backend. This is expected for the cloud rendering purpose and the instructions say not to expose tokens.
Look for `NEMO_TOKEN` in the environment... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... Extract `data.token` from the response
Use only a dedicated NemoVideo token if you provide one, and do not paste or share the token in chat.
Photos, videos, audio, and editing prompts you provide may leave your local environment and be processed by NemoVideo's cloud service.
User-selected photos, videos, and prompts are sent to an external cloud API for processing. This is central to the skill's purpose, but it is privacy-relevant.
This skill connects to a cloud processing backend... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`
Upload only media you intend to send to the cloud, and avoid sensitive personal files unless you trust the provider's handling and retention practices.
Your project state and generated media may remain associated with a cloud session while the render workflow is active.
The workflow depends on provider-side session state and render jobs that may persist beyond an individual message. This is expected for cloud rendering, but retention and cleanup details are not fully described in the visible artifact.
Keep the returned `session_id` for all operations... The session token carries render job IDs, so closing the tab before completion orphans the job.
Treat cloud sessions as temporary but not necessarily private storage; download results promptly and avoid uploading sensitive media unless necessary.
There is less public context available for verifying who maintains the skill or the service integration.
The skill has no local code or install script, but its provenance is limited while it instructs use of an external service.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the provider domain and only use the skill for media you are comfortable sending to that service.