Free Video Generator No Credits

Pass. Audited by ClawScan on Apr 30, 2026.

Overview

This instruction-only skill is broadly aligned with cloud video generation, but users should understand that prompts and media are sent to a third-party NemoVideo backend using a token-based session.

Before installing, be comfortable with sending video, image, audio, and prompt content to the NemoVideo cloud service. Keep NEMO_TOKEN private, verify the provider and pricing/credit terms, and only upload files you intentionally want processed remotely.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The remote backend can guide parts of the editing/export workflow after the user starts a task.

Why it was flagged

The skill instructs the agent to translate backend text into follow-up API actions. This is aligned with the cloud video workflow, but it means provider responses can influence the agent's next actions.

Skill content

Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow

Recommendation

Use the skill for intended video tasks and review important actions such as uploads and exports before relying on the result.

What this means

Files or URLs selected for the workflow may be uploaded and processed remotely.

Why it was flagged

The skill exposes upload and render/export API operations. These are central to video generation, but users should notice that local files or URLs may be sent to the cloud service.

Skill content

Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}` ... Export ... Poll GET ... until `status` = `completed`.

Recommendation

Only provide media you intend to send to NemoVideo, and avoid uploading private or unrelated local files.

What this means

The token can identify the session and authorize video-rendering operations with the backend.

Why it was flagged

The skill uses or creates a NemoVideo bearer token. This is expected for the integrated cloud service, and the instructions say not to expose tokens.

Skill content

Token check: Look for `NEMO_TOKEN` in the environment ... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token` ... Extract `data.token` from the response — this is your NEMO_TOKEN

Recommendation

Keep NEMO_TOKEN private and use a dedicated token for this service if possible.

What this means

Users have less registry-provided context for verifying who operates the backend service.

Why it was flagged

The skill has limited provenance information. There are no code files or install steps, so the local supply-chain risk is low, but the remote service identity is not independently described by the registry metadata.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the NemoVideo service and domain before uploading sensitive or business-critical media.

What this means

Uploaded/generated media and draft state may be reused within the remote session to produce the final video.

Why it was flagged

The skill relies on remote session state and draft data to continue and export work. This is purpose-aligned, but state can contain user media and editing context.

Skill content

Keep the returned `session_id` for all operations ... Session state: GET `/api/state/nemo_agent/me/<sid>/latest` — key fields: `data.state.draft`, `data.state.video_infos`, `data.state.generated_media`

Recommendation

Review the timeline or state summary before export, and avoid sending confidential content unless you trust the service.

What this means

The remote agent/provider receives prompts and may return workflow instructions for editing and rendering.

Why it was flagged

The skill communicates with a remote `nemo_agent` backend over SSE. The endpoint and bearer authentication are specified, but user prompts and workflow data leave the local agent context.

Skill content

Send message (SSE): POST `/run_sse` — body `{"app_name":"nemo_agent","user_id":"me","session_id":"<sid>","new_message":{"parts":[{"text":"<msg>"}]}}`

Recommendation

Treat the backend as a third-party processor and do not submit sensitive material unless that is acceptable.

What this means

A render job might continue running remotely after the user stops watching the session.

Why it was flagged

Render jobs can continue on the cloud backend even if the local UI/session is closed. This is a normal cloud-rendering concern, not evidence of malicious propagation.

Skill content

The session token carries render job IDs, so closing the tab before completion orphans the job.

Recommendation

Avoid starting unnecessary exports and wait for completion or provider-side cancellation options when available.

What this means

Users may rely on the free/no-credit claim without checking actual service limits or terms.

Why it was flagged

The skill uses strong promotional language about being free/no-credits while also referencing credits and token expiry. This is not evidence of malicious behavior, but users should verify service terms.

Skill content

Free Video Generator No Credits ... `data.token` ... NEMO_TOKEN (100 free credits, 7-day expiry) ... Tip: you can re-render and adjust your video as many times as you need without losing credits.

Recommendation

Check credit, export, and retention terms before using the service for high-volume or important work.