Video Editor Google Pixel
v1.0.0edit raw footage into edited MP4 clips with this skill. Works with MP4, MOV, WebM, MKV files up to 500MB. Google Pixel users use it for editing Google Pixel...
⭐ 0· 48·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (AI video editing for Pixel footage) match the runtime instructions: the SKILL.md describes uploading video files and calling a remote rendering API. The only required secret (NEMO_TOKEN) aligns with authenticating to that API. Minor inconsistency: registry metadata reported 'Required config paths: none' while the SKILL.md frontmatter lists a configPaths entry (~/.config/nemovideo/) — this is likely bookkeeping/inventory drift but should be clarified.
Instruction Scope
Instructions are focused on the service (token acquisition, session creation, uploads, render/export, polling). They do direct the agent to POST files and to include attribution headers. Two items to note: (1) the doc asks the agent to derive X-Skill-Platform by inspecting install paths (e.g. ~/.clawhub/, ~/.cursor/skills/), which implies reading the filesystem to detect install location; (2) the skill instructs generating and then using an anonymous token (NEMO_TOKEN) if none is present and to 'save' the session_id/token — behavior that is reasonable for session continuity but means tokens may be stored in the agent environment. Neither action is out-of-scope for a remote-editing integration, but both have privacy implications.
Install Mechanism
No install spec or code files are present — the skill is instruction-only and will not write or execute downloaded code on install. This is the lowest-risk installation model.
Credentials
Only one environment variable is requested (NEMO_TOKEN) and it is used to authenticate to the described nemo video API. The SKILL.md also describes creating an anonymous token via the service if none exists; no unrelated API keys, cloud credentials, or passwords are requested. The only slight proportionality concern is the earlier-mentioned configPaths entry in the frontmatter, which could imply the skill might read ~/.config/nemovideo/ — reasonable for this service but inconsistent with registry metadata and worth confirming.
Persistence & Privilege
The skill does not request always:true and does not ask to modify other skills or system-wide settings. It instructs saving a session_id and using/storing a short-lived NEMO_TOKEN (tokens expire after 7 days), which is appropriate for session-based remote rendering. The need to derive platform headers from install paths implies limited filesystem reads, but no elevated privileges are requested.
Assessment
This skill appears to be a straightforward client for a remote video-editing service and only needs a single API token (NEMO_TOKEN). Before installing: (1) confirm you trust the endpoint domain (mega-api-prod.nemovideo.ai) and review its privacy/retention policy for uploaded videos, (2) if you’re uncomfortable storing long-lived credentials, use the anonymous-token flow or a throwaway token as described (tokens are short-lived), (3) ask the maintainer to clarify the metadata inconsistency about config paths (~/.config/nemovideo/) and whether the skill will read local install/config directories, and (4) remember any video you upload will be transmitted to and processed by the external service — don’t upload sensitive content unless you’ve verified the provider’s security/privacy terms.Like a lobster shell, security has layers — review code before you run it.
latestvk97fw81jz1gtcrqrx68j5jmz5d84rq9p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📱 Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN