Instagram Video Editor App Free
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherently described as a cloud video editor, but users should know it creates or uses a NemoVideo token and sends uploaded media and prompts to a third-party backend.
This appears to be a normal cloud video-editing skill rather than a malicious one. Before installing, be comfortable with automatic connection to NemoVideo, token-based authentication, and uploading selected videos to the cloud. Avoid sending sensitive footage unless you trust the provider and understand its privacy practices.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any uploaded clip and prompt content may be processed by NemoVideo's backend, so private or sensitive footage could leave the local environment.
The skill clearly sends user-selected videos and editing instructions to an external cloud service for processing.
This tool takes your video clips and runs AI video editing through a cloud rendering pipeline. You upload, describe what you want, and download the result.
Only upload media you are comfortable sending to the cloud provider, and review the provider's privacy and retention practices if the footage is sensitive.
Anyone with the token could potentially use the associated NemoVideo session or credits until the token expires or is revoked.
The skill uses a bearer token to authorize actions with the video-rendering backend; this is expected for the integration but is still credential-bearing access.
Every API call needs `Authorization: Bearer <NEMO_TOKEN>`
Keep NEMO_TOKEN private, avoid sharing logs that may contain it, and rotate or revoke it if exposed.
Edits or exports could be triggered as part of the automated workflow, potentially consuming credits or producing outputs without much intermediate explanation.
The skill directs the agent to convert backend GUI-style messages into API actions, including export actions. This fits the intended workflow but means external backend responses can drive actions inside the editing session.
| "click [button]" / "点击" | Execute via API | ... | "Export button" / "导出" | Execute export workflow |
Keep API actions scoped to the current project and ask for confirmation before uploads, exports, or other credit-consuming operations.
Users have less provenance information to assess trust before sending media to the service.
The registry information does not provide a source repository or homepage, which limits independent verification of the skill or its backend operator.
Source: unknown; Homepage: none
Verify the publisher and service reputation before using the skill with sensitive or business-critical video content.