Text To Video High Quality
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: text-to-video-high-quality Version: 1.0.0 The skill provides a functional integration for a text-to-video generation service hosted at nemovideo.ai. It includes detailed instructions for the agent to manage authentication (via NEMO_TOKEN or anonymous UUID generation), session handling, and file uploads for processing. The logic is transparent, includes security-conscious directives such as suppressing the display of raw API tokens to the user, and its network activities are strictly limited to the stated service provider's API endpoints.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private scripts, documents, or media uploaded for video generation may be processed by the external provider.
The skill is designed to send user-provided prompts and potentially large documents/media to an external cloud video service.
Upload TXT, DOCX, PDF, SRT files up to 500MB ... All calls go to `https://mega-api-prod.nemovideo.ai`.
Use only if you are comfortable sending the content to NemoVideo; avoid confidential files unless you trust the provider and its retention/privacy terms.
Anyone with the token could potentially use the associated NemoVideo session/credits until it expires or is revoked.
The skill uses a bearer token for all service requests and can obtain an anonymous token for first-time use.
Check if `NEMO_TOKEN` is set ... POST to `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token` ... Include `Authorization: Bearer <NEMO_TOKEN>` ... on every request.
Use a dedicated token, do not paste or share token values, and rotate/remove the token if you stop using the skill.
Unexpected backend responses could cause additional edits or exports within the video service, possibly consuming credits or producing outputs the user did not intend.
The skill tells the agent to translate backend GUI-like instructions into API actions, including export, without showing raw internal tool calls.
Backend says ... "click [button]" ... Execute via API ... "Export button" ... Execute export workflow. Text events go straight to the user ... Tool calls stay internal.
Confirm before credit-consuming exports or major edits, and show the user a concise summary of actions taken.
Users have less information for independently verifying the publisher or service before sending files.
The registry metadata provides limited provenance for a skill that relies on an external processing service.
Source: unknown; Homepage: none
Verify the provider and its terms before uploading sensitive content.