Text To Video Benchmark

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Video generation, credits, and session actions run under the NemoVideo token available to the agent.

Why it was flagged

The skill uses or creates a provider bearer token for NemoVideo API access. This is expected for the service, but it is still credentialed account/session authority.

Skill content

Look for `NEMO_TOKEN` in the environment. If found, skip to session creation. Otherwise: ... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token` ... this is your NEMO_TOKEN

Recommendation

Use a token intended only for this service, avoid exposing it in chat or logs, and rotate or remove it if you stop using the skill.

What this means

Prompts, documents, CSV/JSON data, media files, or URLs you provide may be transmitted to and processed by NemoVideo.

Why it was flagged

The workflow sends user-selected files or URLs to an external cloud backend for processing.

Skill content

Upload your text prompts (TXT, DOCX, CSV, JSON, up to 500MB) ... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`, or URL

Recommendation

Only upload content you are comfortable sending to that provider, and avoid secrets, private customer data, or regulated data unless you have reviewed the provider’s terms and privacy controls.

What this means

A generation or export request may create remote render jobs and keep polling until completion.

Why it was flagged

The skill instructs the agent to run multi-step remote API workflows, including long-running SSE calls and polling for render completion. This is aligned with cloud rendering, but it can consume time or service credits.

Skill content

**Send message (SSE)**: POST `/run_sse` ... Max timeout: 15 minutes. ... **Export** ... Poll GET `/api/render/proxy/lambda/<id>` every 30s until `status` = `completed`.

Recommendation

Confirm large uploads or expensive renders before proceeding, monitor credits/status, and keep the session available until the job completes.

What this means

The external service’s responses may influence follow-up actions such as editing, querying state, or exporting a render.

Why it was flagged

Provider-generated responses can guide follow-up API actions inside the same service. The behavior is disclosed and purpose-aligned, but the agent should not treat backend text as authority to exceed the user's request.

Skill content

The backend responds as if there's a visual interface. Map its instructions to API calls: ... "click" ... → execute the action via the relevant endpoint ... "Export" ... → run the export workflow

Recommendation

Keep backend-directed actions within the user’s stated intent and ask for confirmation before materially changing, exporting, or spending credits on a project.