ClawHub

Dental Video Maker

v1.0.3

Dental Video Maker — Create Patient Education and Dental Practice Videos with AI. Patients Google "does a root canal hurt" at 2 AM and the top results are...

0· 82·0 current·0 all-time
by@udnerc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md describes a conversational editor that issues API calls to nemovideo endpoints to upload, edit, and render videos. The primary credential (NEMO_TOKEN) and the default API host are consistent with the stated purpose.
Instruction Scope
Instructions require reading/writing a small client_id file under ~/.config/nemovideo/ and calling the nemovideo API to obtain an anonymous token; they also instruct network calls (curl) to nemovideo domains. This is within scope for a networked video-editing skill, but the skill will make outbound requests and persist a client_id on first use — users should be aware of that behavior.
Install Mechanism
No install spec and no code files — instruction-only. That minimizes disk footprint and risk (no downloads or archive extraction). Network use occurs at runtime via the described API calls.
Credentials
Only the NEMO_TOKEN (primary credential) and optional NEMO_API_URL / NEMO_WEB_URL are referenced. The skill auto-generates an anonymous token if no NEMO_TOKEN is present, which is appropriate for a cloud API client. No unrelated credentials or high-privilege environment variables are requested.
Persistence & Privilege
always:false and model invocation is allowed (platform default). The skill persists a client_id to ~/.config/nemovideo/client_id and stores an anonymous token for the session (token expires in 7 days). This is reasonable for session management but does create a small on-disk artifact and enables automatic re-auth with that client_id.
Assessment
What to consider before installing: - The skill will contact nemovideo endpoints (https://mega-api-prod.nemovideo.ai and https://nemovideo.com) and use curl-style API calls; only install if you trust that domain. - On first use it writes a client_id to ~/.config/nemovideo/client_id and will request an anonymous token (saved as NEMO_TOKEN for the session). If you prefer no persistent files, remove or monitor that directory. - The skill may be invoked autonomously by the agent (platform default). If you want to restrict network calls, do not enable autonomous invocation or remove the skill when not needed. - The skill claims HIPAA-safe operation, but uploading or editing recordings may still include PHI in audio or metadata; verify your own compliance and avoid sending patient-identifying data unless you understand the service's data-handling policy. - Minor inconsistency: the registry summary at the top reported no required config paths, while SKILL.md metadata references ~/.config/nemovideo/ — expect the skill to create/read that path on first use. - If you want tighter control, set a real NEMO_TOKEN tied to an account with restricted scope, or avoid giving any long-lived credentials and rely on the anonymous-token flow described. Overall: behavior is coherent with the stated purpose; the main risks are networking, token handling, and small local persistence — not unexpected for a cloud-based video-editing skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk972d2kcvjdq3b6vjcztgktr1983pa9v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦷 Clawdis
Primary envNEMO_TOKEN

Comments