Ai Video Editor Opus
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ai-video-editor-opus Version: 1.0.0 The skill is a functional integration for a cloud-based video editing service (nemovideo.ai). It provides detailed instructions for an AI agent to manage sessions, upload media, and poll for rendered video exports. While it includes automated token acquisition and platform telemetry (detecting install paths like ~/.clawhub/), these behaviors are transparently documented and align with the stated purpose of providing a seamless 'AI Video Editor' experience without evidence of malicious intent or data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Selected videos can leave your device and exports may consume provider credits or create remote render jobs.
The skill can upload user media and trigger remote export jobs. This is central to the stated video-editing purpose, but it is still a meaningful external action.
Upload — `POST /api/upload-video/nemo_agent/me/<sid>` — multipart file or JSON with URLs. ... Export — `POST /api/render/proxy/lambda` with render ID and draft JSON.
Only provide files you intend to process in the cloud, and make export requests explicit when credits or final outputs matter.
Anyone with the token could potentially use the associated NemoVideo session or credits until it expires or is revoked.
The skill requires or creates a NemoVideo bearer token for API access. That credential use is disclosed and purpose-aligned, with no evidence of logging, hardcoding, or unrelated transmission.
Every API call needs `Authorization: Bearer <NEMO_TOKEN>` ... If found, skip to session creation. Otherwise: ... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`
Treat NEMO_TOKEN as a secret and avoid sharing logs or transcripts that might include it.
Backend messages may cause additional edit, state, or export calls inside the same service workflow.
The skill instructs the agent to translate provider/backend responses into API actions. This is expected for a GUI-backed cloud editor, but it means remote responses can influence follow-up workflow steps.
Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow
Keep this skill limited to NemoVideo editing tasks, and require clear user intent before sensitive steps such as uploading private footage or exporting.