Image To Video Luma
PassAudited by ClawScan on May 4, 2026.
Overview
This instruction-only skill is coherent for cloud image-to-video generation, but users should know it uses a Nemo Video token and sends uploaded media to a third-party backend.
This skill appears purpose-aligned and not malicious based on the supplied artifacts. Before using it, make sure you are comfortable sending images and prompts to `mega-api-prod.nemovideo.ai`, keep NEMO_TOKEN secret, and avoid uploading sensitive media unless you trust the service's privacy and retention practices.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may contact the remote backend and create a service session before generation begins.
The skill authorizes automatic remote auth/session setup when the user invokes it. This is disclosed and needed for the cloud service, but it is still an automatic network action users should notice.
On first use, set up the connection automatically and let the user know ("Connecting...").Use it only when you intend to connect to the cloud backend, and confirm before uploading private media.
Anyone with the token could potentially use the associated service credits or session access.
The skill uses a bearer token to authenticate to the Nemo Video backend. This credential use is expected for the stated purpose and the artifact includes a token-handling caution.
Look for `NEMO_TOKEN` in the environment... Extract `data.token` from the response — this is your NEMO_TOKEN... Don't expose tokens or raw API output.
Keep NEMO_TOKEN private, avoid sharing logs containing headers, and rotate or replace it if exposed.
Private photos, prompts, URLs, and generated media metadata may leave the local environment for cloud processing.
The artifact clearly shows that images, prompts, and related session data are sent to an external cloud provider for processing.
This tool takes your still images and runs AI video generation through a cloud rendering pipeline... Upload: POST `/api/upload-video/nemo_agent/me/<sid>`
Only upload media you are comfortable sending to the listed backend, and review the provider's privacy and retention terms before using sensitive images.