Video Trimmer High

Pass. Audited by ClawScan on Apr 30, 2026.

Overview

This looks like a purpose-aligned cloud video trimming skill, but it will contact an external NemoVideo API, use a token, upload media, and keep cloud session/render state.

Install this only if you are comfortable sending raw video files to `https://mega-api-prod.nemovideo.ai` and using a NemoVideo token or generated anonymous token. Avoid uploading sensitive footage unless you trust the provider, and review export/credit usage for important projects.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (High Confidence)
ASI01: Agent Goal Hijack
What this means

The remote service may guide editing or export steps after you submit a request.

Why it was flagged

The skill makes remote backend responses actionable by translating GUI-style text into API calls. This is disclosed and purpose-aligned for video editing, but it means the backend can influence follow-up actions within the workflow.

Skill content
The backend responds as if there's a visual interface. Map its instructions to API calls: ... "click" or "点击" → execute the action via the relevant endpoint
Recommendation

Use the skill for intended video-editing tasks and review important or credit-consuming actions such as export before relying on the result.

What this means

Your uploaded video will be processed by the external service, and export jobs may consume service credits.

Why it was flagged

The skill uses external API operations to upload media, render, poll status, and return a download URL. These actions are central to cloud video trimming, but they are meaningful operations on user files and rendering credits.

Skill content
Upload — POST /api/upload-video/nemo_agent/me/<sid> — multipart file or JSON with URLs ... Export — POST /api/render/proxy/lambda ... Poll GET /api/render/proxy/lambda/<id>
Recommendation

Only upload videos you are comfortable processing through the NemoVideo cloud API, and confirm exports when cost or confidentiality matters.

What this means

The skill can act against the NemoVideo API using the configured or generated token, including checking credits and starting render jobs.

Why it was flagged

The skill uses a NemoVideo bearer token or creates an anonymous token for access to the processing API. This is expected for the integrated service and there is no artifact evidence of token printing, hardcoding, or unrelated use.

Skill content
Include `Authorization: Bearer <NEMO_TOKEN>` ... Free token: Generate a UUID as client identifier, then POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`
Recommendation

Use a token intended for this service, avoid sharing it elsewhere, and monitor credit usage if it is tied to an account.

What this means

You have less independent information about who operates or maintains the remote processing service.

Why it was flagged

The registry metadata does not provide a source repository or homepage for a skill that depends on an external cloud API. There is no local package or script provenance issue in the provided artifacts, but provider provenance is limited.

Skill content
Source: unknown; Homepage: none
Recommendation

Verify the provider and service terms before uploading sensitive or valuable media.

What this means

Your project state, media metadata, and render job references may persist in the remote service during the session/job lifecycle.

Why it was flagged

The workflow uses session IDs and cloud-side draft/media state. This persistence is expected for render jobs, but it means video project context may remain associated with a session.

Skill content
Save `session_id` from the response ... The session token carries render job IDs ... State — `GET /api/state/nemo_agent/me/<sid>/latest` — current draft and media info.
Recommendation

Avoid uploading sensitive footage unless you trust the service, and clear or abandon sessions according to the provider's controls if available.

Note (Medium Confidence)
ASI08: Cascading Failures
What this means

A render may continue or become hard to track if you close the session before it finishes.

Why it was flagged

The skill discloses that an interrupted session can leave a cloud render job orphaned. This is limited to the render workflow, but users should know jobs may not cleanly stop if the session is interrupted.

Skill content
The session token carries render job IDs, so closing the tab before completion orphans the job.
Recommendation

Wait for exports to complete when possible, and check job/status information before starting duplicate renders.