Ai Image To Video Miricanvas
PassAudited by ClawScan on May 4, 2026.
Overview
The skill is coherent for cloud-based image-to-video conversion, but users should notice that it sends media to a third-party API and uses a NemoVideo token/session.
This skill appears purpose-aligned for cloud image-to-video conversion. Before installing, understand that your uploaded media will be sent to mega-api-prod.nemovideo.ai and that a NEMO_TOKEN or anonymous session token will be used for processing and credits. Avoid sensitive media unless you trust the provider, and ask for confirmation before exports if credit usage matters.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A token may allow the skill to use the associated service account or credits for rendering.
The skill uses a bearer token for the NemoVideo/MiriCanvas processing service. This is expected for the cloud-rendering purpose, but it is still account or credit-bearing authority.
**Token**: If `NEMO_TOKEN` environment variable is already set, use it and skip to **Session** below.
Use a scoped or disposable token when possible, avoid sharing the token, and monitor credit usage.
Images, audio, prompts, and generated drafts may leave the local chat environment and be processed by the external service.
The skill clearly discloses that uploaded media and workflow messages are sent to an external cloud API. This is purpose-aligned, but the artifacts do not describe retention or privacy handling by that provider.
All calls go to `https://mega-api-prod.nemovideo.ai`... **Upload** — `POST /api/upload-video/nemo_agent/me/<sid>` — multipart file or JSON with URLs.
Only upload media you are comfortable sending to the provider, and check the provider’s privacy and retention terms if the content is sensitive.
Some render or edit actions may be driven by backend responses rather than shown as separate user-confirmed steps.
The skill instructs the agent to convert backend GUI-style responses into API actions. This is part of the intended integration, but it makes remote backend text influence subsequent tool actions.
| "click [button]" / "点击" | Execute via API |
Ask the agent to summarize planned edits or exports before credit-consuming actions, especially when using a paid token.
It may be harder to independently verify who operates the skill or how the external API is governed.
The registry metadata does not provide a source repository or homepage. Because there is no local code or install script, this is a provenance note rather than evidence of malicious behavior.
Source: unknown; Homepage: none
Verify the service identity and terms before using it with sensitive or paid-account media.