Maker From Photos
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your uploaded media may be processed by the external Nemovideo service, so sensitive personal or business images could be exposed to that provider.
The skill intentionally sends user-provided media to a remote cloud backend for processing, which is aligned with its purpose but means photos, videos, audio, and prompts leave the local chat environment.
This skill connects to a cloud processing backend... `/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file
Use the skill only with files you are comfortable uploading to the listed backend, and check the provider’s privacy/retention terms if the media is sensitive.
The token may control access to credits, sessions, and generated outputs for this service.
The skill uses a bearer token for service access and can create an anonymous token when one is not already configured. This is disclosed and purpose-aligned, but it is still credential handling.
Look for `NEMO_TOKEN` in the environment... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... Extract `data.token`
Keep NEMO_TOKEN private, avoid pasting it into chat, and revoke or rotate it if you believe it was exposed.
You have less provenance information for deciding whether to trust the external service that will receive media and handle rendering.
The registry does not provide a source repository or homepage to independently verify the provider or implementation, while the skill depends on a remote API service.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Before using sensitive content, verify the Nemovideo service and account/credit terms through trusted channels.