Gif Compressor
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: gif-compressor Version: 1.0.0 The skill provides GIF compression and optimization services by interfacing with a cloud-based rendering API (nemovideo.ai). It includes standard logic for handling anonymous authentication, session management, and file uploads/downloads. While it requires network access and an environment variable (NEMO_TOKEN), these are strictly aligned with its stated purpose, and the instructions explicitly advise the agent against displaying sensitive token values to the user. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The external service can associate uploads and render jobs with the token/session used by the skill.
The skill uses a bearer token and service session for the NemoVideo backend. This is expected for the stated cloud-rendering purpose and the instructions say not to display token values.
Check if `NEMO_TOKEN` is set... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token`... `Authorization: Bearer <token>`
Store the token securely, avoid sharing logs that might contain it, and use the skill only with a NemoVideo token you are comfortable using.
Private or confidential GIFs/videos may be sent to NemoVideo's servers for processing.
User-provided media is uploaded to an external cloud API for processing. This is disclosed and purpose-aligned, but it is a sensitive data boundary users should notice.
This tool takes your GIF files and runs GIF compression optimization through a cloud rendering pipeline... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart
Do not use the skill with sensitive media unless you are comfortable with that external cloud processing.
The cloud backend can guide the agent through upload, edit, state, and export actions within the media-processing session.
The agent is instructed to convert backend messages into API actions. The actions appear limited to the documented media workflow, but users should be aware that backend responses can drive in-skill operations.
The backend responds as if there's a visual interface. Map its instructions to API calls: "click" or "点击" → execute the action via the relevant endpoint... "Export" or "导出" → run the export workflow
Keep use user-directed and review outputs before relying on or sharing the generated files.