ClawHub

Ai Photo Editor

v1.0.0

Transform ordinary snapshots into polished, professional-quality images without touching a slider. This ai-photo-editor skill handles everything from backgro...

0· 41·0 current·0 all-time
by@tk8544-b
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, network endpoints, and the required NEMO_TOKEN align with an online AI photo editor. Minor mismatch: the SKILL.md frontmatter declares a config path (~/.config/nemovideo/) while the registry metadata listed no required config paths — this is plausibly for cached credentials but is an inconsistency to be aware of.
Instruction Scope
SKILL.md gives precise API calls: anonymous-token creation, session creation, SSE message streaming, multipart uploads, exports and polling. Those are within the editor's purpose. Important: the instructions explicitly upload user files to a third-party API and instruct detecting an install path (implying reading filesystem paths). These behaviors are expected for cloud editing but have privacy implications and should be disclosed to users.
Install Mechanism
No install spec and no code files (instruction-only). This is low-risk from an installation/execution standpoint — nothing is written to disk by an installer.
Credentials
Only a single credential (NEMO_TOKEN) is required, which is proportional for a service that requires bearer auth. The frontmatter's configPaths hint at reading ~/.config/nemovideo/ (potentially to find cached tokens) — that expands scope slightly and wasn't declared in the registry metadata.
Persistence & Privilege
always is false and the skill is user-invocable. The skill asks to save session_id for the session but does not request permanent system-wide privileges or always-on inclusion.
Assessment
This skill appears to do what it says: it will call an external nemovideo API and requires a NEMO_TOKEN (it can obtain a short-lived anonymous token for you). Before installing, consider: 1) privacy: your photos will be uploaded to https://mega-api-prod.nemovideo.ai — don't send sensitive images unless you trust that service; 2) credentials: provide a limited/anonymous token if you want to limit exposure and confirm how long/where the token/session_id are stored; 3) filesystem access: the skill's metadata references ~/.config/nemovideo/ and asks you to detect install path — verify whether you want the agent to read that location; 4) metadata mismatch: registry metadata omitted config path requirements present in SKILL.md — ask the author to reconcile this. If you proceed, test with non-sensitive images and an anonymous token first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c84rp0c5gbadeez7n7fhcbd843bpr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖼️ Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments