nemo-edit 安全扫描报告 — 可信 | ClawSafe

0 /100

nemo-edit

AI Video Editor for Color Grading and Background Music — applies LUTs, adjusts exposure/saturation, mixes audio tracks, and adds background music via remote API

This skill consists entirely of documentation (Markdown) describing a remote video editing API. No executable code, scripts, or dependencies are present. The skill makes authenticated API calls to external video processing endpoints but does not execute local code, access sensitive paths, or exfiltrate data.

技能名称nemo-edit

分析耗时30.9s

引擎pi

✓

可以安装

Approve for use. This is a pure-documentation skill with no executable attack surface.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	Documentation describes uploading files but no local read/write code exists
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:22-23 declares https://mega-api-prod.nemovideo.ai
命令执行	`NONE`	`NONE`	—	No shell execution documented or present
环境变量	`NONE`	`NONE`	—	Only references NEMOVIDEO_API_KEY as user-supplied; no iteration through os.envi…
数据库	`NONE`	`NONE`	—	No database access documented or present

7 项发现

🔗

中危外部 URL 外部 URL

https://nemovideo.com

SKILL.md:22

🔗

中危外部 URL 外部 URL

https://mega-api-prod.nemovideo.ai

SKILL.md:23

🔗

中危外部 URL 外部 URL

https://cdn.nemovideo.ai/outputs/job_edit_778/final.mp4

SKILL.md:367

🔗

中危外部 URL 外部 URL

https://mega-api-dev.nemovideo.ai

references/api-reference.md:3

🔗

中危外部 URL 外部 URL

https://cdn.nemovideo.ai/outputs/job_edit_abc001/final.mp4

references/api-reference.md:443

🔗

中危外部 URL 外部 URL

https://cdn.nemovideo.ai/outputs/job_edit_abc001/thumb.jpg

references/api-reference.md:444

🔗

中危外部 URL 外部 URL

https://cdn.nemovideo.ai/outputs/job_edit_abc001/preview_720p.mp4

references/api-reference.md:445

目录结构

2 文件 · 27.7 KB · 978 行

Markdown 2f · 978L

├─ ▾ 📁 references

│ └─ 📝 api-reference.md Markdown 490L · 12.1 KB

└─ 📝 SKILL.md Markdown 488L · 15.6 KB

安全亮点

✓ Pure documentation skill — no executable attack surface

✓ All network activity is declared in SKILL.md with clear API documentation

✓ No credential harvesting beyond the explicitly required NEMOVIDEO_API_KEY

✓ No file writes, shell execution, or sensitive path access

✓ No obfuscation, base64 payloads, or hidden instructions

✓ No supply chain risks since there are no dependencies or package files