Ai Image To Video Deepfake

v1.0.0

Skip the learning curve of professional editing software. Describe what you want — animate this photo into a realistic talking video clip — and get animated...

⭐ 0· 48·0 current·0 all-time

by@whitejohnk-26

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (animate photos into video) align with the runtime instructions (upload images, call a cloud render API). Requesting a service token (NEMO_TOKEN) and upload endpoints is coherent with the stated purpose. However, the skill has no homepage/source and uses an unverified backend domain (mega-api-prod.nemovideo.ai), so provenance and operator identity are unclear.

Instruction Scope

Instructions direct the agent to obtain an anonymous token (POST to an external auth endpoint) if NEMO_TOKEN is not set, create sessions, upload user images, stream SSE responses, poll state, and include custom attribution headers. The flow will transmit potentially sensitive image/audio files to an external service. The guidance to 'keep setup communication brief' and 'don't display raw API responses or token values' obscures visibility into tokens/requests. The skill also asks the agent to read its own YAML frontmatter and detect install paths (filesystem access), which may require filesystem inspection. The token-generation/storage behavior is underspecified (where/how tokens/session IDs are stored), which is a privacy/security concern.

✓

Install Mechanism

No install spec or code files are present (instruction-only), so nothing is written to disk by an installer. This minimizes supply-chain/install risk compared to downloadable installers.

Credentials

The only declared required credential is NEMO_TOKEN, which is appropriate for an API-backed service. However: (1) the skill will auto-provision anonymous tokens if none are supplied, so it may create/handle credentials without explicit user-provided secrets; (2) metadata references a config path (~/.config/nemovideo/) implying the skill may read or expect files there; and (3) the required headers and token usage are mandatory for exports. Because image uploads are sensitive, automatic token issuance and unclear storage increase risk if the backend/operator is untrusted.

✓

Persistence & Privilege

The skill does not request always:true and is user-invocable only. There is no instruction to modify other skills or system-wide settings. It requests session persistence (session_id) for operation, which is normal for a remote service.

What to consider before installing

This skill will upload the images/audio you provide to an external service (mega-api-prod.nemovideo.ai) and may create and manage anonymous API tokens for you. Before installing or using it: 1) Confirm you trust the service operator and review their privacy/terms (there is no homepage/source provided here). 2) Do not upload photos of other people without explicit consent — deepfakes can be abused and may violate law or policy. 3) Prefer providing your own NEMO_TOKEN (so you control credential provisioning) rather than letting the skill auto-generate/store anonymous tokens. 4) Ask how and where the token/session_id will be stored; avoid skills that silently write secrets to disk or environment variables. 5) If you must use it, limit scope: disable autonomous invocation where possible, monitor network calls, and avoid uploading highly sensitive images. If provenance remains unclear or you cannot obtain a privacy policy from the operator, do not install or use this skill.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎭 Clawdis

EnvNEMO_TOKEN

Primary envNEMO_TOKEN

latestvk97a6pr0crya0d0013b62y191h84ss6s

48downloads

0stars

1versions

Updated 6d ago

v1.0.0

MIT-0

Getting Started

Share your images and I'll get started on AI deepfake video generation. Or just tell me what you're thinking.

Try saying:

"convert my images"
"export 1080p MP4"
"animate this photo into a realistic"

First-Time Connection

When a user first opens this skill, connect to the processing backend automatically. Briefly let them know (e.g. "Setting up...").

Authentication: Check if NEMO_TOKEN is set in the environment. If it is, skip to step 2.

Obtain a free token: Generate a random UUID as client identifier. POST to https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token with header X-Client-Id set to that UUID. The response data.token is your NEMO_TOKEN — 100 free credits, valid 7 days.
Create a session: POST to https://mega-api-prod.nemovideo.ai/api/tasks/me/with-session/nemo_agent with Authorization: Bearer <token>, Content-Type: application/json, and body {"task_name":"project","language":"<detected>"}. Store the returned session_id for all subsequent requests.

Keep setup communication brief. Don't display raw API responses or token values to the user.

AI Image to Video Deepfake — Animate Photos into Video Clips

This tool takes your images and runs AI deepfake video generation through a cloud rendering pipeline. You upload, describe what you want, and download the result.

Say you have a single portrait photo of a person and want to animate this photo into a realistic talking video clip — the backend processes it in about 1-2 minutes and hands you a 1080p MP4.

Tip: high-resolution front-facing photos produce the most realistic results.

Matching Input to Actions

User prompts referencing ai image to video deepfake, aspect ratio, text overlays, or audio tracks get routed to the corresponding action via keyword and intent classification.

User says...	Action	Skip SSE?
"export" / "导出" / "download" / "send me the video"	→ §3.5 Export	✅
"credits" / "积分" / "balance" / "余额"	→ §3.3 Credits	✅
"status" / "状态" / "show tracks"	→ §3.4 State	✅
"upload" / "上传" / user sends file	→ §3.2 Upload	✅
Everything else (generate, edit, add BGM…)	→ §3.1 SSE	❌

Cloud Render Pipeline Details

Each export job queues on a cloud GPU node that composites video layers, applies platform-spec compression (H.264, up to 1080x1920), and returns a download URL within 30-90 seconds. The session token carries render job IDs, so closing the tab before completion orphans the job.

Base URL: https://mega-api-prod.nemovideo.ai

Endpoint	Method	Purpose
`/api/tasks/me/with-session/nemo_agent`	POST	Start a new editing session. Body: `{"task_name":"project","language":"<lang>"}`. Returns `session_id`.
`/run_sse`	POST	Send a user message. Body includes `app_name`, `session_id`, `new_message`. Stream response with `Accept: text/event-stream`. Timeout: 15 min.
`/api/upload-video/nemo_agent/me/<sid>`	POST	Upload a file (multipart) or URL.
`/api/credits/balance/simple`	GET	Check remaining credits (`available`, `frozen`, `total`).
`/api/state/nemo_agent/me/<sid>/latest`	GET	Fetch current timeline state (`draft`, `video_infos`, `generated_media`).
`/api/render/proxy/lambda`	POST	Start export. Body: `{"id":"render_<ts>","sessionId":"<sid>","draft":<json>,"output":{"format":"mp4","quality":"high"}}`. Poll status every 30s.

Accepted file types: mp4, mov, avi, webm, mkv, jpg, png, gif, webp, mp3, wav, m4a, aac.

Skill attribution — read from this file's YAML frontmatter at runtime:

X-Skill-Source: ai-image-to-video-deepfake
X-Skill-Version: from frontmatter version
X-Skill-Platform: detect from install path (~/.clawhub/ → clawhub, ~/.cursor/skills/ → cursor, else unknown)

All requests must include: Authorization: Bearer <NEMO_TOKEN>, X-Skill-Source, X-Skill-Version, X-Skill-Platform. Missing attribution headers will cause export to fail with 402.

Error Handling

Code	Meaning	Action
0	Success	Continue
1001	Bad/expired token	Re-auth via anonymous-token (tokens expire after 7 days)
1002	Session not found	New session §3.0
2001	No credits	Anonymous: show registration URL with `?bind=<id>` (get `<id>` from create-session or state response when needed). Registered: "Top up credits in your account"
4001	Unsupported file	Show supported formats
4002	File too large	Suggest compress/trim
400	Missing X-Client-Id	Generate Client-Id and retry (see §1)
402	Free plan export blocked	Subscription tier issue, NOT credits. "Register or upgrade your plan to unlock export."
429	Rate limit (1 token/client/7 days)	Retry in 30s once

Reading the SSE Stream

Text events go straight to the user (after GUI translation). Tool calls stay internal. Heartbeats and empty data: lines mean the backend is still working — show "⏳ Still working..." every 2 minutes.

About 30% of edit operations close the stream without any text. When that happens, poll /api/state to confirm the timeline changed, then tell the user what was updated.

Translating GUI Instructions

The backend responds as if there's a visual interface. Map its instructions to API calls:

"click" or "点击" → execute the action via the relevant endpoint
"open" or "打开" → query session state to get the data
"drag/drop" or "拖拽" → send the edit command through SSE
"preview in timeline" → show a text summary of current tracks
"Export" or "导出" → run the export workflow

Draft field mapping: t=tracks, tt=track type (0=video, 1=audio, 7=text), sg=segments, d=duration(ms), m=metadata.

Timeline (3 tracks): 1. Video: city timelapse (0-10s) 2. BGM: Lo-fi (0-10s, 35%) 3. Title: "Urban Dreams" (0-3s)

Common Workflows

Quick edit: Upload → "animate this photo into a realistic talking video clip" → Download MP4. Takes 1-2 minutes for a 30-second clip.

Batch style: Upload multiple files in one session. Process them one by one with different instructions. Each gets its own render.

Iterative: Start with a rough cut, preview the result, then refine. The session keeps your timeline state so you can keep tweaking.

Tips and Tricks

The backend processes faster when you're specific. Instead of "make it look better", try "animate this photo into a realistic talking video clip" — concrete instructions get better results.

Max file size is 200MB. Stick to JPG, PNG, WEBP, HEIC for the smoothest experience.

Export as MP4 for widest compatibility.

Comments

Loading comments...