Professional Ai Video Generator
PassAudited by ClawScan on May 4, 2026.
Overview
The skill appears to be a disclosed cloud video generator, but users should expect their prompts or uploaded media to be sent to a remote Nemovideo service using a token.
Install this skill only if you are comfortable sending scripts, prompts, and uploaded media to the Nemovideo cloud backend. Protect your NEMO_TOKEN, check any credit or usage terms, and confirm before exporting or uploading sensitive content.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The token may control access to the video backend and any available credits for rendering.
The skill uses a bearer token for backend sessions and can automatically obtain an anonymous token if one is not present.
Look for `NEMO_TOKEN` in the environment... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... All requests must include: `Authorization: Bearer <NEMO_TOKEN>`
Use a token intentionally, keep it private, and monitor any credit or account usage tied to the token.
Scripts, prompts, uploaded media, and draft video data may be transmitted to and processed by the remote provider.
The artifact clearly shows prompts, scripts, uploads, session state, and render jobs are handled by an external cloud service.
This skill connects to a cloud processing backend... All calls go to `https://mega-api-prod.nemovideo.ai`... Upload — `POST /api/upload-video/nemo_agent/me/<sid>`
Do not upload confidential or sensitive media unless you are comfortable with that provider processing it.
Backend responses can drive edits or exports, which may consume credits or change the current video draft.
The skill translates backend GUI-style instructions into API calls, including export actions, within the video workflow.
"click" or "点击" → execute the action via the relevant endpoint... "Export" or "导出" → run the export workflow
Confirm uploads and exports before proceeding, especially if credits or paid usage may be involved.
Users have less information to verify the publisher or service before sending content or using a token.
The registry metadata does not provide an independently verifiable source or homepage for the cloud service integration.
Source: unknown; Homepage: none
Verify the service domain and publisher through a trusted channel before using sensitive content.