Doorstep Video Easy

Pass. Audited by ClawScan on May 5, 2026.

Overview

This is a coherent cloud video-editing skill, but it will contact Nemo Video, use or create a token, and upload selected footage to remote servers.

This skill appears purpose-aligned and has no local code to install, but it is a cloud service integration. Before using it, make sure you are comfortable sending the selected video to Nemo Video, avoid uploading highly sensitive residential/security footage unless you trust the provider, and use a limited token where possible.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Videos you provide may leave your device and be processed by Nemo Video's remote infrastructure.

Why it was flagged

The skill clearly sends user-provided video to an external cloud API for processing. This is central to the purpose, but doorstep or entry-area footage can contain private people, locations, or security information.

Skill content

"Send me your raw footage" ... "The AI video editing runs on remote GPU nodes" ... "Upload — POST /api/upload-video/nemo_agent/me/<sid>"

Recommendation

Only upload footage you are comfortable sending to the external provider, and check the provider's privacy and retention terms before using sensitive security or residential video.

What this means

If you provide a Nemo Video token, the agent can use that token to create sessions and run video-processing actions under that account or token allocation.

Why it was flagged

The skill uses a bearer token for the Nemo Video API. This is expected for the service integration, and the skill also says not to print tokens.

Skill content

"If `NEMO_TOKEN` environment variable is already set, use it" ... "All requests must include: `Authorization: Bearer <NEMO_TOKEN>`"

Recommendation

Use a dedicated or limited token if possible, avoid sharing paid or high-privilege credentials unnecessarily, and revoke the token if you no longer use the skill.

What this means

Using the skill may create an API session and later upload, edit, poll, or export videos through the remote service.

Why it was flagged

The instructions tell the agent to make API calls automatically when the skill is first used. This is consistent with a cloud rendering workflow, but users should know that invocation triggers external network setup.

Skill content

"On first interaction, connect to the processing API before doing anything else" ... "POST to `https://mega-api-prod.nemovideo.ai/api/tasks/me/with-session/nemo_agent`"

Recommendation

Invoke the skill only when you intend to use the cloud service, and review/confirm uploads or exports involving sensitive clips.

What this means

You have fewer built-in signals for verifying who operates the skill or where to review its service terms.

Why it was flagged

The artifacts do not include local executable code, but the skill relies on an external cloud API while providing limited provenance metadata for the publisher or service.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Verify the provider and service terms independently before sending private footage or using valuable account credentials.