Maker Free Image
AdvisoryAudited by Static analysis on May 3, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private images, audio, video, or prompts provided to the skill may be processed by the external NemoVideo service.
The skill sends user media and prompts to a third-party cloud service for rendering. This is expected for the skill's purpose, but users should treat uploaded files as shared with that provider.
All calls go to `https://mega-api-prod.nemovideo.ai` ... **Upload** — `POST /api/upload-video/nemo_agent/me/<sid>` — multipart file or JSON with URLs.
Only upload media you are comfortable sending to the provider, and review the provider's privacy/retention terms if the content is sensitive.
Anyone with the token may be able to use the associated credits or access the current service session.
The skill uses a bearer token to authorize rendering, sessions, and credit balance access. This is disclosed and purpose-aligned, but it is still an account/session credential.
Authentication: Check if `NEMO_TOKEN` is set ... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token` ... The response `data.token` is your NEMO_TOKEN — 100 free credits, valid 7 days.
Keep NEMO_TOKEN private, avoid pasting it into chats or logs, and rotate/recreate it if it is exposed.
Unexpected backend responses could cause the agent to perform extra in-session edits or exports, potentially consuming credits.
The skill instructs the agent to treat backend text as operational instructions and translate them into API calls. This is intended to bridge a GUI-oriented backend, but it gives remote responses some control over follow-up actions.
Backend says | You do ... "click [button]" ... Execute via API ... "Export button" / "导出" | Execute export workflow
Monitor generated actions and ask for confirmation before exports if credit use or final output matters.