Vidix Ai Photo Video Generator
PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: vidix-ai-photo-video-generator Version: 1.0.0 The skill is a legitimate integration for the Vidix AI video generation service (nemovideo.ai). It manages a standard cloud-based media processing workflow, including anonymous token acquisition, session management, and file uploads to the service's API. The instructions in SKILL.md specifically advise the agent against displaying sensitive tokens to the user and focus entirely on the stated purpose of converting photos to video without any indicators of malicious intent or unauthorized data access.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act against the Nemo/Vidix backend using a token associated with your session or anonymous credits.
The skill uses a bearer token for the external Nemo/Vidix service and can obtain an anonymous token automatically. This is expected for the cloud rendering workflow and no leakage is shown, but it is still delegated account/session authority.
Check if `NEMO_TOKEN` is set in the environment... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... The response `data.token` is your NEMO_TOKEN
Use a dedicated token if possible, avoid sharing token values, and understand that anonymous tokens/credits may expire or be rate-limited.
Photos, videos, audio, prompts, and generated project data may leave the local environment for cloud processing.
User-provided images/media and prompts are sent to an external cloud processing service. This is central to the skill's purpose and disclosed, but users should treat it as sharing content with a third party.
This tool takes your photos or images and runs AI video creation through a cloud rendering pipeline. You upload, describe what you want, and download the result.
Do not upload confidential or regulated media unless you are comfortable with Nemo/Vidix processing it under their terms.
The backend session may link uploads, prompts, render state, and export jobs during the token/session lifetime.
The skill maintains a session identifier so later requests refer to the same cloud rendering job. This is normal for a multi-step render workflow, but it is persistent task context.
Create a session... Store the returned `session_id` for all subsequent requests.
Start a new session for unrelated projects and avoid mixing sensitive and non-sensitive media in the same session.