Podcast To Video
PassAudited by VirusTotal on May 1, 2026.
Overview
Type: OpenClaw Skill Name: podcast-to-video Version: 1.0.0 The podcast-to-video skill is a legitimate integration for the nemovideo.ai cloud service, allowing users to convert audio files into videos with captions. It manages authentication via the NEMO_TOKEN environment variable or an anonymous token endpoint (mega-api-prod.nemovideo.ai) and uses standard API calls for file uploads and video rendering without any evidence of malicious intent or unauthorized data access.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create sessions, send edit instructions, poll status, and export videos through the cloud service as part of fulfilling a request.
The skill maps user requests and backend interface-style instructions into automatic API actions. This is central to the video-editing workflow, but users should know the agent may perform service calls without showing every intermediate action.
"Everything else (generate, edit, add BGM…) | → §3.1 SSE" and "click" or "点击" → execute the action via the relevant endpoint
Use clear prompts and ask for confirmation before uploads or exports if the media or requested edits are sensitive.
Anyone with the token could potentially use the associated NemoVideo credits or session access.
The skill uses a bearer token to access the NemoVideo backend. This is expected for the stated cloud-rendering service and the artifact says not to expose tokens.
All requests must include: `Authorization: Bearer <NEMO_TOKEN>`
Keep NEMO_TOKEN private, use a service-specific token, and revoke or rotate it if it is exposed.
Podcast audio, video, captions, edit prompts, and render metadata may be processed by NemoVideo’s cloud service.
The skill sends user-provided media and prompts to an external cloud API for processing. This is disclosed and purpose-aligned, but it creates a privacy boundary users should notice.
`API base`: `https://mega-api-prod.nemovideo.ai` and `Upload`: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`
Only upload content you are comfortable sending to that provider, and review the provider’s privacy or retention terms before using private recordings.
Users have less registry-provided context for verifying who operates the backend before sending media to it.
The registry metadata does not provide a source repository or homepage to independently verify the cloud integration. There is no local code to install, so this is a provenance note rather than a concern.
Source: unknown; Homepage: none
Verify the NemoVideo service and publisher through trusted channels before uploading confidential audio or video.