Music To Video Ai
PassAudited by ClawScan on Apr 30, 2026.
Overview
This instruction-only skill appears purpose-aligned, but it automatically uses the NemoVideo cloud service, a token, and remote rendering for user media.
This skill is reasonable for cloud-based music-to-video conversion, but only install and use it if you are comfortable sending your media and prompts to mega-api-prod.nemovideo.ai and using a NemoVideo token or anonymous service credits. Avoid uploading confidential or unreleased material unless you trust the provider.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The remote service can shape how the agent proceeds with edits and generation after the user gives a request.
Broad editing and generation requests are delegated to the remote SSE backend, whose responses are then used to guide the workflow. This is purpose-aligned for cloud video editing but means external service responses influence agent behavior.
Everything else (generate, edit, add BGM…) | → §3.1 SSE
Use the skill only for media workflows where you are comfortable letting the NemoVideo backend guide the editing process.
User-selected files may be uploaded and export jobs may consume service credits.
The skill exposes upload, SSE editing, credit checking, state fetching, and render-export API operations. These actions are expected for cloud video generation, but they can send user files and start render jobs.
/api/upload-video/nemo_agent/me/<sid> | POST | Upload a file (multipart) or URL.
Confirm the media and export request before using the upload or render features, especially for large or private files.
The token authorizes actions against the NemoVideo API, including session creation, uploads, state checks, and exports.
The skill requires a NemoVideo bearer token and can also obtain an anonymous token for free credits. This is expected for the integrated service but gives the skill access to that service account or credit balance.
Every API call needs Authorization: Bearer <NEMO_TOKEN>
Use a token intended for this service, avoid sharing it elsewhere, and revoke or rotate it if you no longer trust the skill or provider.
Users have limited independent information about the skill publisher or backend provenance before sending media to the service.
The registry metadata does not provide a source repository or homepage, while the skill relies on a remote backend. This is a provenance transparency gap, though there is no install-time code or hidden dependency in the provided artifacts.
Source: unknown; Homepage: none
Review the service domain and provider trustworthiness before uploading valuable or private media.
Project state and render context can persist across requests within the backend session.
The skill reuses a server-side session identifier and fetches latest timeline state across requests. This is expected for an editing session but creates persistent task context tied to the token/session.
Store the returned session_id for all subsequent requests.
Avoid mixing unrelated or sensitive projects in the same session, and treat the session as containing your uploaded media and editing history.
Uploaded audio, video, images, prompts, and related project state may be processed by the NemoVideo backend.
The skill sends media and prompts to an external cloud rendering service. This is clearly aligned with the stated purpose, but users should understand that files are processed outside the local environment.
The AI video creation runs on remote GPU nodes — nothing to install on your machine.
Do not upload confidential, unreleased, or rights-sensitive media unless you trust the external provider and its terms.
An interrupted export may continue or become detached from the user session, potentially wasting time or credits.
Render jobs are queued on remote GPU nodes and can become orphaned if the session is closed. This is disclosed, but it is a failure mode users should notice because it can leave backend work in progress.
closing the tab before completion orphans the job.
Keep the session open until exports finish, and check job state or credits if an export is interrupted.