Video Editing With Linux
AdvisoryAudited by VirusTotal on Apr 21, 2026.
Overview
Type: OpenClaw Skill Name: video-editing-with-linux Version: 1.0.0 The skill facilitates cloud-based video editing by connecting to a third-party API (nemovideo.ai). It includes instructions for automated session management, anonymous token generation, and file uploads/exports. While it directs the agent to perform minor environment fingerprinting (checking install paths like ~/.cursor/skills/ for attribution headers), the behavior is transparently documented and strictly aligned with the stated purpose of the video processing service without evidence of malicious exfiltration or unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening or using the skill can create a remote NemoVideo session before any local editing happens.
The skill instructs the agent to make remote API calls automatically during first-time setup. This is disclosed and aligned with the cloud video-editing purpose, but users should notice the automatic backend connection.
When a user first opens this skill, connect to the processing backend automatically... Create a session: POST to `https://mega-api-prod.nemovideo.ai/api/tasks/me/with-session/nemo_agent`
Use it only if you are comfortable with automatic connection to the NemoVideo backend, and keep uploads/exports tied to explicit user requests.
Anyone with access to the token could potentially use the associated NemoVideo session or credits.
The skill uses a bearer token for the NemoVideo service. This is expected for the integration and the instructions avoid displaying token values, but it is still delegated account/session authority.
Every API call needs `Authorization: Bearer <NEMO_TOKEN>`... Don't display raw API responses or token values to the user.
Use a dedicated or disposable token when possible, avoid sharing it, and rotate it if exposed.
Uploaded clips, URLs, and editing instructions may be processed by NemoVideo's cloud service.
The skill sends selected video files or URLs to an external provider for cloud processing. This is central to the stated purpose, but it crosses a data boundary and may involve personal media.
`Upload`: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Upload only files you intend to send to the third-party service, and avoid highly sensitive videos unless you trust the provider's privacy practices.
Users have less information for validating the publisher or service backing the skill.
The skill has limited provenance information. There are no code files or install scripts, but the remote-service dependency is harder for a user to independently verify.
Source: unknown; Homepage: none
Verify the publisher and the `mega-api-prod.nemovideo.ai` service before using it for sensitive media.