Video Miricanvas
PassAudited by ClawScan on May 4, 2026.
Overview
This is a coherent cloud video-generation skill, but users should notice that their media is uploaded to an external backend and authenticated with a NEMO token.
This looks safe for its stated purpose if you expect cloud video processing. Before installing, confirm you trust the NEMO/Miricanvas backend, avoid uploading sensitive media unless you understand the provider’s data handling, and protect the NEMO_TOKEN like any other service credential.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may upload provided files, start cloud render jobs, and use credits as part of the requested video workflow.
The skill instructs the agent to call external upload, state, SSE, and render/export endpoints. This is expected for a cloud video rendering skill, but it is an active external tool workflow.
Base URL: `https://mega-api-prod.nemovideo.ai` ... `/api/upload-video/nemo_agent/me/<sid>` ... `/api/render/proxy/lambda`
Use it only with media you intend to process through this backend, and review export/credit-related actions if the output matters.
Anyone with the token may be able to access the associated backend session or credits until the token expires or is revoked.
The skill uses a bearer token for backend access and can obtain an anonymous token when one is not already configured. This is purpose-aligned but is credential handling.
Look for `NEMO_TOKEN` in the environment... POST `https://mega-api-prod.nemovideo.ai/api/auth/anonymous-token` ... `All requests` must include: `Authorization: Bearer <NEMO_TOKEN>`
Keep NEMO_TOKEN out of shared logs and prompts, and rotate or replace it if it is accidentally exposed.
Personal, proprietary, or unreleased media could leave the local environment and be processed by the cloud service.
User media is sent to an external provider for processing. The artifact discloses this, but it does not describe retention, deletion, or privacy boundaries for uploaded content.
This tool takes your images or clips and runs AI video creation through a cloud rendering pipeline. You upload, describe what you want, and download the result.
Only upload files you are comfortable sending to the provider, and check the service’s privacy/retention terms for sensitive projects.
Users have less external information to validate who operates the service or how it handles uploads.
The listing does not provide an upstream source repository or homepage, which makes independent verification of the skill/provider provenance harder.
Source: unknown; Homepage: none
Verify the publisher and backend service before using it for sensitive or business-critical media.