ClawHub

Ai Text To Best

v1.0.0

Skip the learning curve of professional editing software. Describe what you want — turn this text into a short video with visuals and voiceover — and get AI-...

0· 53·0 current·0 all-time
by@whitejohnk-26
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description align with a cloud video-rendering backend and the SKILL.md consistently calls out the nemovideo.ai API and a NEMO_TOKEN bearer credential — this is coherent. However, the metadata lists a required config path (~/.config/nemovideo/) that is not referenced in the runtime instructions; that suggests the skill may read or write a local config directory (e.g., to store tokens) but the behavior is not documented.
Instruction Scope
The SKILL.md limits actions to creating/using a session on the nemovideo.ai API, uploading user-supplied files, streaming SSE messages, polling render status, and returning download URLs. It does not instruct the agent to read arbitrary system files or other credentials. It explicitly instructs not to expose tokens or raw API output.
Install Mechanism
There is no install spec or code to run; this is an instruction-only skill. That minimizes the risk of arbitrary code being written to disk.
Credentials
Only one env var (NEMO_TOKEN) is declared as required and is the expected credential for the described API. This is proportionate. Minor concerns: metadata also lists a config path (implying access to ~/.config/nemovideo/) and the skill asks the agent to 'auto-detect' an install path for X-Skill-Platform header—both imply additional filesystem inspection beyond just reading a single env var and should be documented/justified.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. Still, the declared config path suggests it might read or write under the user's home config directory; the SKILL.md does not explain whether session tokens or client IDs are persisted to disk, so verify persistence behavior before granting file access.
Assessment
This skill appears to be what it claims: a thin integration that calls a nemovideo.ai backend using a single NEMO_TOKEN credential. Before installing, ask the publisher to confirm: (1) why ~/.config/nemovideo/ is declared in metadata and whether the skill will read or write files there (and what it stores), (2) whether the anonymous token endpoint will ever cause persistent credentials to be written to disk, and (3) whether any uploaded files are forwarded to third parties beyond nemovideo.ai. If you plan to upload sensitive content, avoid using this skill until you confirm the provider's privacy/storage policy. Also consider running it in an environment that restricts filesystem access if you want to limit potential token persistence.

Like a lobster shell, security has layers — review code before you run it.

latestvk970avv04vndssx5br97ys662184nxye

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

✍️ Clawdis
EnvNEMO_TOKEN
Primary envNEMO_TOKEN

Comments