Tiktok Video Converter

Advisory

Audited by VirusTotal on Apr 11, 2026.

Overview

Type: OpenClaw Skill
Name: tiktok-video-converter
Version: 1.0.0

The skill is a functional wrapper for a cloud-based video processing service (nemovideo.ai). It provides instructions for an AI agent to handle video uploads, session management, and format conversion via a remote API. The logic in SKILL.md is transparent about its use of the NEMO_TOKEN and its communication with mega-api-prod.nemovideo.ai. No evidence of malicious intent, data exfiltration of sensitive system files, or unauthorized execution was found; the behavior is consistent with the stated purpose of converting TikTok videos.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can authenticate to the NemoVideo service and use the token/session for video processing and credits.

Why it was flagged

The skill declares a NemoVideo credential and a NemoVideo config path as part of its authentication setup.

Skill content

requires": {"env": ["NEMO_TOKEN"], "configPaths": ["~/.config/nemovideo/"]}, "primaryEnv": "NEMO_TOKEN"

Recommendation

Use a token intended for this service only, do not paste or log it, and avoid sharing conversations or logs that may contain credential details.

What this means

Any clips you upload for conversion leave your local environment and are processed by the provider's cloud service.

Why it was flagged

The skill discloses that uploaded videos or URLs are sent to an external provider API for processing.

Skill content

All calls go to `https://mega-api-prod.nemovideo.ai`... **Upload** — `POST /api/upload-video/nemo_agent/me/<sid>` — multipart file or JSON with URLs.

Recommendation

Upload only videos you intend to send to this provider, and avoid using sensitive or private media unless you trust the service's handling and retention practices.

What this means

Some edits or exports may be triggered through backend-directed internal API steps rather than explicit visible user clicks.

Why it was flagged

The instructions make backend text responses authoritative for internal API actions, including export, as part of translating GUI-style backend behavior.

Skill content

Backend says | You do ... "click [button]" / "点击" | Execute via API ... "Export button" / "导出" | Execute export workflow

Recommendation

For credit-consuming or final export actions, ask the agent to summarize the pending action and confirm before proceeding.