Video Compressor Download

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a cloud video-compression skill that uploads selected videos to NemoVideo and uses a token/session, with no artifact-backed evidence of deception or destructive behavior.

Before installing, make sure you are comfortable sending your videos to the NemoVideo cloud API. Keep NEMO_TOKEN secret, confirm the exact file before upload/export, and avoid using the skill for private or regulated video content unless the provider’s retention and privacy terms meet your needs.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The provider API may be contacted as soon as the skill is used, and later upload/export actions can be driven from natural-language requests.

Why it was flagged

The skill initiates remote API setup automatically as part of its workflow. This is consistent with the advertised cloud video compressor, but it means the agent may contact the provider before further user confirmation.

Skill content

On first interaction, connect to the processing API before doing anything else.

Recommendation

Use the skill only when you intend to process a video with the NemoVideo cloud service, and confirm which file should be uploaded or exported.

What this means

Anyone with the token could potentially use the associated NemoVideo session or credits.

Why it was flagged

The skill uses a bearer token for NemoVideo API access. This is expected for the integration and the instructions say not to print tokens, but it is still account/session authority.

Skill content

Include `Authorization: Bearer <NEMO_TOKEN>` and all attribution headers on every request

Recommendation

Keep NEMO_TOKEN private, use a token intended for this service, and revoke or rotate it if it is exposed.

What this means

Uploaded videos leave the local device and are processed by the remote NemoVideo service.

Why it was flagged

The core workflow sends user-selected video files or URLs to an external provider endpoint for server-side processing. This is disclosed and purpose-aligned, but videos can contain sensitive content.

Skill content

Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`

Recommendation

Upload only videos you are comfortable sharing with that service, and check the provider’s privacy/retention terms if the content is sensitive.

What this means

Project state, generated media references, and render jobs may remain with the provider for at least the lifetime of the session/job.

Why it was flagged

The skill relies on remote session and render-job state that may continue to exist after the immediate interaction. This is normal for cloud rendering, but users should understand that jobs are tracked server-side.

Skill content

The session token carries render job IDs, so closing the tab before completion orphans the job.

Recommendation

Avoid uploading highly sensitive media unless you understand how the provider stores and deletes session data.