Vivideo

This skill otherwise looks like a legitimate integration with NemoVideo, but review these points before installing: - Expect that any video you upload will be transmitted to nemo's servers; do not send sensitive or private footage unless you trust their service and privacy policy. - The SKILL.md suggests generating or using a NEMO_TOKEN and then embedding that token in a workspace-claim URL — tokens in URLs can leak via browser history, referrer headers, or logs. Ask the vendor to avoid placing tokens in query parameters (use short-lived, one-time codes or POST flows instead) or confirm that the token included is deliberately ephemeral and safe to expose. - Clarify where session_id and any obtained tokens are stored and how long they persist. Prefer in-memory/session-only storage or an encrypted credential store rather than writing long-lived tokens to disk. - Verify the skill's provenance: the registry source is unknown; check the GitHub repository (https://github.com/nemovideo/nemovideo_skills) and NemoVideo's official site to confirm this package is legitimate and not an impersonation. - If you must test, use an account/token with minimal privileges/credits or the anonymous/demo token rather than production credentials. Ask for more precise docs about logging, retention, and token handling; absence of those details increases risk. If you want, I can produce a checklist of questions to ask the vendor or propose safer token-handling changes to the SKILL.md.