Tomoviee Video
PassAudited by ClawScan on May 11, 2026.
Overview
This is a cloud video-editing skill that uses a NemoVideo token and uploads user-selected media for rendering; that matches its stated purpose, but users should understand the cloud and credential implications.
Install only if you trust NemoVideo's cloud service with the media you upload. Use a scoped service token, watch credit or billing usage, and request confirmation before exports or other credit-consuming actions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The token may control NemoVideo sessions, free credits, or paid-account usage.
The skill uses or obtains a provider token for NemoVideo and then sends it as Bearer authorization on requests. This is expected for the stated cloud rendering service, but it is still credential and credit-bearing access.
If `NEMO_TOKEN` is in the environment, use it directly... Otherwise, acquire a free starter token... use it as NEMO_TOKEN
Use only a token intended for this service, keep it private, and review credit or billing effects before rendering/exporting.
Uploaded media and prompts are sent to NemoVideo's cloud API for processing.
The skill clearly uses an external cloud provider to process uploaded media. That is aligned with its purpose, but user videos, images, and audio can be sensitive and leave the local environment.
This tool takes your raw video clips and runs AI video creation through a cloud rendering pipeline. You upload, describe what you want, and download the result.
Only upload clips you are comfortable sending to the provider, and check the provider's privacy and retention terms for sensitive footage.
Edits, state checks, uploads, or exports may be performed through internal API calls after the user gives a high-level request.
The skill lets backend SSE/GUI-style instructions drive follow-on API calls inside the editing workflow. This appears purpose-aligned, but it means some actions are automated based on provider responses rather than shown step-by-step to the user.
Tool calls stay internal... Map its instructions to API calls: `click` or `点击` → execute the action via the relevant endpoint
Ask the agent to confirm before exports, paid/credit-consuming renders, or major edits if you want tighter control.