Ai Video Editor Clothes
PassAudited by ClawScan on May 4, 2026.
Overview
The skill is coherent for cloud-based AI video outfit editing, but users should understand it sends videos to an external backend and uses a bearer token/session.
This skill appears purpose-aligned for cloud AI video outfit editing. Before installing, be comfortable with sending your footage to the NemoVideo backend and using a NEMO_TOKEN bearer token. Avoid uploading confidential videos unless you trust the service’s data handling, and monitor any credit or export-related actions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your uploaded videos and edit prompts may be processed by the external NemoVideo service.
The skill explicitly sends user-provided video files or URLs to an external NemoVideo backend for processing. This is expected for the stated cloud video-editing purpose, but it means private footage leaves the local/chat environment.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Only upload footage you are comfortable sending to that service, and avoid using confidential or highly sensitive videos unless you trust the provider’s privacy handling.
The skill needs an API token/session to operate, and that token should be protected like a password for this service.
The skill uses a bearer token for API access. This is purpose-aligned and disclosed, but bearer tokens should be treated as credentials because anyone with the token may be able to access the associated session or credits.
Include `Authorization: Bearer <NEMO_TOKEN>` and all attribution headers on every request
Keep NEMO_TOKEN private, do not paste it into chats or logs, and revoke or rotate it if you believe it was exposed.
The remote editor backend can influence workflow steps such as querying state or exporting the current edit.
The skill instructs the agent to translate backend GUI-style messages into API actions. This appears intended to make the cloud editor usable without a GUI, but it gives backend responses some authority to drive subsequent actions.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Keep backend-driven actions confined to the current video-editing session, and ask the user before any action that would spend credits, publish content, delete data, or affect unrelated accounts.