Video Creator Ai
PassAudited by ClawScan on Apr 30, 2026.
Overview
This instruction-only skill appears aligned with cloud video creation, but it will send your media and prompts to Nemo Video and use or create a service token.
Install this only if you are comfortable using Nemo Video's cloud backend for your media. Do not upload private, confidential, or regulated images, clips, audio, or prompts unless you trust the provider and understand how the service handles that data.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A backend response could cause the agent to take additional video-editing or export steps within the Nemo session.
The remote backend's text can be translated into agent actions, which is useful for the intended GUI-to-API workflow but makes provider responses influential over follow-up actions.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Use the skill for clearly scoped video projects and review the resulting draft or export before relying on it.
Files, URLs, and project details may be sent to the remote video service as part of normal operation.
The skill can upload user-supplied local files or URLs to the cloud backend, which is central to video creation but should only be done for media the user intends to share.
Upload: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Only provide media and URLs you are comfortable uploading to the Nemo Video backend.
The skill will operate under a Nemo Video token that may identify a free-credit anonymous session or a user-provided credential.
The skill uses or obtains a bearer token for the Nemo Video API. This is expected for a cloud service integration, and the instructions also say not to expose tokens.
Look for `NEMO_TOKEN` in the environment... Otherwise: Generate a UUID as client identifier; POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`...
Use a dedicated token when possible and avoid sharing the token or logs that contain it.
Users have limited registry-level provenance information for the publisher or service behind the skill.
The registry metadata does not provide a source or homepage for provenance review, although the skill itself has no installable code or package dependencies.
Source: unknown; Homepage: none
Verify that you trust the Nemo Video service and the skill publisher before uploading private media.
Mixing unrelated projects or sensitive content in the same session could affect later video operations or expose context to the backend session.
The workflow depends on a remote session and session state, so project context can influence later edits and exports during the same workflow.
Keep the returned `session_id` for all operations.
Use separate sessions for separate projects, especially when working with sensitive media.
Prompts, media references, draft state, and edits may be processed by the remote Nemo agent/service.
The skill communicates with a remote agent/service named `nemo_agent` using the user's session and message content. This is disclosed and purpose-aligned, but it is still a cross-service data boundary.
Send message (SSE): POST `/run_sse` — body `{"app_name":"nemo_agent","user_id":"me","session_id":"<sid>","new_message":{"parts":[{"text":"<msg>"}]}}`Avoid sending confidential or regulated media unless you are comfortable with the provider processing it.