Text To Easy

Pass. Audited by VirusTotal on May 8, 2026.

Overview

Type: OpenClaw Skill
Name: text-to-easy
Version: 1.0.0

The 'text-to-easy' skill is a legitimate integration for the nemovideo.ai service, designed to convert text prompts into videos. It includes well-defined instructions for the agent to handle authentication via NEMO_TOKEN or anonymous tokens, manage sessions, and interact with specific API endpoints for uploading files and rendering video. The skill's access to environment variables and configuration paths (~/.config/nemovideo/) is strictly aligned with its stated purpose, and no indicators of data exfiltration, malicious execution, or harmful prompt injection were found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can act against the NemoVideo API using the provided or generated token for the video-generation session.

Why it was flagged

The skill uses a bearer token to authenticate to the NemoVideo backend. This is expected for the service integration, but it is account/session authority the user should understand.

Skill content

**If `NEMO_TOKEN` is in the environment**, use it directly and create a session.

Recommendation

Use a dedicated or limited-purpose token when possible, and do not expose the token in chat or shared logs.

What this means

Text, PDFs, DOCX files, or other uploaded content may leave the local environment and be processed by nemovideo.ai.

Why it was flagged

The skill’s core workflow sends user content to an external cloud service for generation/rendering. This is disclosed and purpose-aligned, but the artifact does not describe retention or privacy boundaries.

Skill content

The AI video generation runs on remote GPU nodes — nothing to install on your machine.

Recommendation

Avoid submitting confidential, regulated, or proprietary content unless you have reviewed and trust the provider’s privacy and retention practices.

What this means

Users may not see details about the backend connection unless they ask.

Why it was flagged

This appears to be a user-experience instruction, not deception, but it can obscure that a token and remote API session were created.

Skill content

Tell the user you're ready. Keep the technical details out of the chat.

Recommendation

The skill should be willing to disclose that it uses NemoVideo’s cloud API, bearer authorization, and remote rendering when relevant.