Video Audio Extractor

This skill appears to do what it says (upload video, call nemo backend, return audio/video exports), but there are some red flags you should consider before installing or using it: - Inconsistent declarations: the registry metadata lists no config paths, but the SKILL.md frontmatter mentions ~/.config/nemovideo/. Check that directory for stored tokens or credentials after use. - Token handling: the skill requires NEMO_TOKEN but will auto-request an anonymous 7-day token if none is present. That means the agent will call an external API on first use and receive a bearer token. If you prefer control, supply your own NEMO_TOKEN (or avoid giving one) and be aware of where tokens are stored. - Attribution headers: the skill asks to auto-detect an install path for X-Skill-Platform; confirm that the agent will not probe sensitive filesystem locations to produce this value. - Privacy: uploading video files to a third-party backend can expose sensitive content. Only upload material you are comfortable sending to the stated domain (mega-api-prod.nemovideo.ai). Verify TLS and consider using an account with minimal privileges/credits. - Source verification: there is no homepage or known publisher. Prefer skills with a verifiable homepage, source repo, or publisher identity. What would change this assessment: explicit registry metadata matching SKILL.md (declared config paths, clear optional vs required credential behavior), a known publisher/homepage, or an explanation of where/how anonymous tokens and session data are stored and rotated. If you proceed, monitor network calls during first use and inspect ~/.config/nemovideo/ for stored tokens; create an account or token with limited scope if possible.