Scan Report
0 /100
nemo-subtitle
AI Subtitle: Add, Burn, Translate Subtitles to Video
This is a pure documentation skill (SKILL.md only) that describes a legitimate subtitle generation API service with no executable code or suspicious behavior.
Safe to install
No action needed. This is a well-documented API wrapper for video subtitle generation.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in documentation |
| Network | READ | READ | ✓ Aligned | Uses API endpoints for upload/download - declared and necessary |
| Shell | NONE | NONE | — | No shell commands documented |
| Environment | READ | READ | ✓ Aligned | Reads NEMOVIDEO_API_KEY for auth - declared and necessary |
| Skill Invoke | NONE | NONE | — | No nested skill invocations |
| Clipboard | NONE | NONE | — | No clipboard access documented |
| Browser | NONE | NONE | — | No browser automation documented |
| Database | NONE | NONE | — | No database access documented |
5 findings
Medium External URL 外部 URL
https://nemovideo.com SKILL.md:23 Medium External URL 外部 URL
https://mega-api-prod.nemovideo.ai SKILL.md:24 Medium External URL 外部 URL
https://cdn.nemovideo.ai/outputs/job_gen_789/subtitles.srt SKILL.md:330 Medium External URL 外部 URL
https://cdn.nemovideo.ai/outputs/job_gen_789/subtitles.vtt SKILL.md:331 Medium External URL 外部 URL
https://cdn.nemovideo.ai/outputs/job_gen_789/transcript.txt SKILL.md:332 File Tree
1 files · 12.6 KB · 446 lines Markdown 1f · 446L
└─
SKILL.md
Markdown
Security Positives
✓ Pure markdown documentation with no executable code
✓ All API endpoints clearly documented with request/response examples
✓ Credential requirement (NEMOVIDEO_API_KEY) explicitly declared and necessary for authentication
✓ No hidden functionality or shadow behavior
✓ No obfuscation techniques (base64, eval, atob)
✓ No credential harvesting beyond the declared API token
✓ Network communication limited to documented API domain (nemovideo.ai)
✓ No suspicious patterns: no reverse shell, C2, data exfiltration
✓ No supply chain risks as there are no dependencies
✓ No filesystem write operations that could introduce persistence mechanisms