Maker To Generator
PassAudited by ClawScan on May 4, 2026.
Overview
This skill is a disclosed remote video-generation workflow that uses a NemoVideo token and uploads user-provided media to a cloud API, with no evidence of hidden code or malicious behavior.
This skill looks purpose-aligned and instruction-only. Before installing, be comfortable with sending your clips and prompts to NemoVideo's cloud API, use a dedicated NEMO_TOKEN if possible, and supervise exports or edits that the backend asks the agent to perform.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent will use or create a service token to access the remote video API on the user's behalf.
The skill uses a bearer token to authenticate every request to the video-processing API. This is expected for the integration and the artifact instructs not to print tokens, but it is still credential use that users should recognize.
Token: If `NEMO_TOKEN` environment variable is already set, use it... Free token: Generate a UUID... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... Include `Authorization: Bearer <NEMO_TOKEN>`
Use a dedicated token for this service, avoid sharing the token, and revoke or rotate it if you no longer use the skill.
Any video clips or URLs you provide may be uploaded to NemoVideo's remote infrastructure for rendering.
The skill sends user-provided video files and prompts to an external cloud service for processing. That is central to the stated purpose, but uploaded clips may contain private or sensitive content.
Send me your video clips... The AI video generation runs on remote GPU nodes... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`
Only upload media you are comfortable sending to the provider, and check the provider's privacy and retention terms before using sensitive footage.
The remote backend can guide edits or exports within the video-generation session.
The skill tells the agent to treat certain backend responses as instructions to perform API actions. This appears intended to bridge a GUI-oriented backend into an API workflow, but it means remote service responses can influence the agent's next actions.
Backend Response Translation... | "click [button]" / "点击" | Execute via API | ... | "Export button" / "导出" | Execute export workflow |
Keep actions limited to the active video project and ask for user confirmation before taking unexpected or irreversible steps.