Simple Pika Ai Video
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: simple-pika-ai-video Version: 1.0.0 The skill provides instructions for an AI agent to interface with an AI video generation service via the nemovideo.ai API. It handles authentication using the NEMO_TOKEN environment variable, manages sessions, and facilitates file uploads and video rendering. The behavior is well-documented, aligns with the stated purpose, and lacks indicators of malicious intent, data exfiltration, or unauthorized command execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use your NemoVideo token or an anonymous session to create jobs, check credits, and export videos.
The skill authenticates to the backend with a bearer token or creates an anonymous token/session. This is expected for the video service, but it gives the skill delegated access to that service session and credits.
If `NEMO_TOKEN` is in the environment, use it directly... Otherwise, acquire a free starter token... use it as NEMO_TOKEN
Use a dedicated token if possible, avoid providing unrelated credentials, and monitor or rotate the token if you are concerned.
Images, videos, audio, prompts, and generated outputs may leave your device/account for cloud processing.
The core workflow sends user-provided files and prompts to an external cloud provider for rendering. This is purpose-aligned and disclosed, but it may involve private media.
**API base**: `https://mega-api-prod.nemovideo.ai` ... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`
Only upload content you are comfortable sharing with the provider, and verify the provider’s privacy/terms if the media is confidential.
You may not see the backend service details during normal use before media is uploaded.
The user-facing name emphasizes Pika while the backend is NemoVideo, and the instructions discourage showing technical connection details in chat. This is not proof of deception, but users may not be reminded which provider receives their files.
displayName: "Simple Pika AI Video — Generate Videos from Images" ... **API base**: `https://mega-api-prod.nemovideo.ai` ... "Keep the technical details out of the chat."
Ask the agent to disclose the destination service and privacy implications before uploading files, and install only if you are comfortable with that provider.