Maker From Photos
PassAudited by ClawScan on May 8, 2026.
Overview
This appears to be a purpose-aligned cloud video-making skill, but it sends uploaded media to a third-party backend and uses a service token/session.
This skill is reasonable for cloud-based slideshow/video creation, but install and use it only if you are comfortable sending the selected photos, videos, audio, and prompts to mega-api-prod.nemovideo.ai. Treat NEMO_TOKEN as a secret, watch for credit/subscription implications, and avoid using highly sensitive media unless you have verified the provider’s privacy practices.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your uploaded media may be processed by the external Nemovideo service, so sensitive personal or business images could be exposed to that provider.
The skill intentionally sends user-provided media to a remote cloud backend for processing, which is aligned with its purpose but means photos, videos, audio, and prompts leave the local chat environment.
This skill connects to a cloud processing backend... `/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file
Use the skill only with files you are comfortable uploading to the listed backend, and check the provider’s privacy/retention terms if the media is sensitive.
The token may control access to credits, sessions, and generated outputs for this service.
The skill uses a bearer token for service access and can create an anonymous token when one is not already configured. This is disclosed and purpose-aligned, but it is still credential handling.
Look for `NEMO_TOKEN` in the environment... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... Extract `data.token`
Keep NEMO_TOKEN private, avoid pasting it into chat, and revoke or rotate it if you believe it was exposed.
You have less provenance information for deciding whether to trust the external service that will receive media and handle rendering.
The registry does not provide a source repository or homepage to independently verify the provider or implementation, while the skill depends on a remote API service.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Before using sensitive content, verify the Nemovideo service and account/credit terms through trusted channels.