Free Text Image
PassAudited by ClawScan on May 6, 2026.
Overview
This is a purpose-aligned cloud image/video generation skill, but users should know it sends prompts/files to a third-party NEMO backend and uses or creates a NEMO_TOKEN.
Install only if you are comfortable using the NEMO cloud backend. Avoid sending confidential prompts or private media, use a dedicated NEMO_TOKEN if possible, and ask the agent to confirm before uploading files, exporting results, or using account credits.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may send content or request actions expecting an image-only tool while the workflow also supports video rendering/export.
The artifact describes both image generation and video/MP4 rendering, which is not clearly malicious but could surprise users expecting only static image output.
displayName: "Free Text Image — Generate Images From Text" ... "you get 1080p MP4 files" ... "Cloud Render Pipeline Details"
Clarify expected output type before use, especially before uploading private media or requesting export.
The agent may continue generation/export steps within the NEMO service based on backend responses rather than showing every raw API step to the user.
The skill tells the agent to convert backend UI-style responses into API operations. This fits the remote-rendering purpose, but it means backend responses can drive follow-up service actions.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Confirm with the user before uploads, exports, or any action that may consume credits or publish/share a downloadable result.
A provided account token could allow the agent to act in that NEMO account and potentially consume available credits.
The skill uses or creates a bearer token for the NEMO cloud service. This is expected for the integration, and the artifact also says not to expose tokens.
Look for `NEMO_TOKEN` in the environment... Otherwise: ... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token` ... this is your NEMO_TOKEN
Use a dedicated or low-privilege token where possible, and avoid providing a token tied to billing or sensitive account data unless you trust the service.
Text prompts and uploaded media may leave the local environment and be processed by the third-party backend.
Prompts, files, URLs, session identifiers, and generated media workflows are sent to an external backend. This is disclosed and central to cloud rendering.
This skill connects to a cloud processing backend... **API base**: `https://mega-api-prod.nemovideo.ai` ... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>`
Do not send confidential prompts, private images, or sensitive media unless you are comfortable with the backend provider processing them.
Users have less external context for verifying who operates the backend or how the service handles uploaded content.
The skill is instruction-only and has no local code to inspect, but the registry metadata does not provide a source repository or homepage for independent provenance review.
Source: unknown; Homepage: none
Review the provider and only use the skill for content you are comfortable sending to an unknown-source cloud integration.