Video Editor Clips
ReviewAudited by ClawScan on May 11, 2026.
Overview
This appears to be a coherent cloud video-editing connector that uses a NemoVideo token and uploads user-selected media, with no artifact-backed evidence of hidden or destructive behavior.
Before installing, be comfortable with connecting to mega-api-prod.nemovideo.ai, creating or using a NEMO_TOKEN, and uploading selected video/audio/image files for cloud processing. Do not submit sensitive or unauthorized media unless you trust the provider's handling of it. Because the source and homepage are not provided and the supplied SKILL.md excerpt is truncated, review the full skill text or provider details if possible.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The editing backend may guide the agent to perform actions in the current editing session rather than the user explicitly approving each small step.
The skill tells the agent to translate backend text responses into API actions. This is purpose-aligned for a GUI-backed editing service, but external backend output can influence what the agent does.
Backend Response Translation ... Backend says "click [button]" / "点击" | Execute via API
Keep backend-directed actions limited to the current video-editing session, and ask for user confirmation before uploads, exports, purchases, or account-changing actions.
Opening or invoking the skill may create a backend session and send setup metadata to the provider before any video is uploaded.
The skill initiates remote API setup automatically when opened. This is disclosed and aligned with cloud editing, but it is still autonomous network/API activity.
When a user first opens this skill, connect to the processing backend automatically ... Create a session: POST to https://mega-api-prod.nemovideo.ai/api/tasks/me/with-session/nemo_agent
Use the skill only when you intend to connect to the NemoVideo backend, and prefer explicit confirmation for any high-impact action such as uploading files or exporting.
Anyone with the token or active session could potentially access the related credits, jobs, or outputs for that service.
The skill uses a bearer token and session identifier for the NemoVideo account/session. This is expected for the service, and the artifacts do not show hardcoded credentials or token logging.
Authentication: Check if `NEMO_TOKEN` is set ... All requests must include: `Authorization: Bearer <NEMO_TOKEN>` ... Store the returned `session_id`
Keep NEMO_TOKEN private, use a limited or disposable token when possible, and rotate it if you suspect it was exposed.
Videos, audio, images, or URLs you provide may be uploaded to NemoVideo's backend and processed outside your local device.
The skill sends user-provided media to an external cloud provider for processing. This is central to the skill's purpose, but the files may contain private or copyrighted content.
Drop your video clips in the chat ... I'll handle the AI clip editing on cloud GPUs ... Upload: POST `/api/upload-video/nemo_agent/me/<sid>`
Only upload media you are allowed and comfortable to share with the provider, and review the provider's privacy and retention terms if the content is sensitive.
It may be harder to independently verify who operates the skill or how the backend handles submitted media.
The registry metadata does not provide a public source or homepage for verification. There is no installable code in the provided artifacts, so this is a provenance note rather than a code-execution concern.
Source: unknown; Homepage: none
Verify the publisher or service independently before sending sensitive media or relying on the backend for important work.