Text To Video Free Hd
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less context for who maintains the skill and the external service it uses.
The skill has limited provenance information in the supplied registry metadata. This is not malicious by itself, especially because no executable install code is present, but users cannot verify the publisher or service homepage from these artifacts.
Source: unknown Homepage: none
Review the publisher and NemoVideo service separately before sending important or private content.
Using the skill can create a remote service session before any video is generated.
The skill directs the agent to make external API calls automatically when the skill is first used. This is coherent with cloud rendering setup, but it means invocation triggers remote communication.
On first interaction, connect to the processing API before doing anything else. ... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`
Invoke the skill only when you are comfortable contacting the NemoVideo API, and ask for confirmation before uploads if you want tighter control.
If the token is exposed, someone may be able to use your NemoVideo session or credits.
The workflow relies on a bearer token, either supplied by the user environment or obtained anonymously from the provider. That token grants access to service sessions and credits.
If `NEMO_TOKEN` environment variable is already set, use it ... The response field `data.token` becomes your NEMO_TOKEN
Keep NEMO_TOKEN private, prefer a dedicated token for this skill, and rotate or remove it if you no longer use the service.
Uploaded documents, prompts, and generated media may be processed and stored by the external provider.
The skill sends user-provided prompts/files and render state to an external cloud API. This is expected for the stated text-to-video function, but the artifact does not describe provider retention or privacy terms.
`Upload`: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"` ... All rendering happens server-side.
Do not upload confidential, regulated, or sensitive files unless you accept the provider's handling of that data.
A render may continue remotely or become orphaned if you close the session early.
The render workflow can create asynchronous cloud jobs and polling loops. This is bounded to video export and disclosed, but users should know jobs may outlive the visible interaction.
closing the tab before completion orphans the job ... Poll GET `/api/render/proxy/lambda/<id>` every 30s until `status` = `completed`
Start exports only when you intend to let them finish, and check service state or credits if a job is interrupted.