Best Video Editing Laptops
PassAudited by ClawScan on May 13, 2026.
Overview
This instruction-only skill is a disclosed cloud video-editing connector, but users should understand that selected videos and a provider token/session are handled by a third-party backend.
Install this only if you want a cloud service to process your video files. Use non-sensitive footage first, keep the NEMO_TOKEN private, and be aware that first use may automatically contact nemovideo.ai and create a temporary anonymous session.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill is delegating access to a nemovideo.ai token/session for video processing actions.
The skill uses a provider bearer token to authenticate API requests. This is expected for a cloud video-editing integration, but it gives the skill authority to create sessions, upload media, check credits, and request renders for that provider account or anonymous token.
**Authentication**: Check if `NEMO_TOKEN` is set in the environment. If it is, skip to step 2.
Use a dedicated token when possible, avoid sharing token values, and revoke or rotate the token if you no longer trust the skill or provider.
Videos, images, audio, or URLs provided for editing may leave the local environment and be processed by the third-party cloud service.
The skill sends user-selected video files or URLs to the external nemovideo.ai backend. This is central to the editing purpose and is disclosed, but it is still a sensitive data flow.
**Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL: `{"urls":["<url>"],"source_type":"url"}`Do not upload confidential, private, or regulated footage unless you are comfortable with the provider handling it and have reviewed the provider’s privacy and retention terms.
Opening the skill may create a provider-side anonymous token/session before a video is uploaded.
The skill tells the agent to make an automatic backend connection and, if needed, request an anonymous token. This setup action is disclosed and purpose-aligned, but users should know the first launch contacts a third-party service.
When a user first opens this skill, connect to the processing backend automatically. Briefly let them know (e.g. "Setting up...").
Only enable the skill if you are comfortable with automatic setup calls to nemovideo.ai, and monitor any provider account or credit usage.
A render job might continue on the provider backend even if the local session is closed, and it may be harder to track or cancel afterward.
The artifact discloses that cloud render jobs may continue or become orphaned if the user closes the tab. This is not hidden persistence, but it is a relevant operational persistence detail.
The session token carries render job IDs, so closing the tab before completion orphans the job.
Let render jobs finish before closing the session, avoid starting unnecessary jobs, and check provider controls for cancellation or cleanup if available.
Users have less independent information for verifying who maintains the skill or how the external service handles uploaded media.
The registry metadata provides limited provenance for a skill that directs media and authenticated requests to an external cloud API. There is no code package to inspect, but users also have no homepage or source link to verify the provider relationship.
Source: unknown; Homepage: none
Verify the provider and publisher through trusted channels before uploading sensitive files.