Ai Video Creation

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate video-generation integration, but it needs review because it may send prompts or uploaded media to a remote backend too automatically and too broadly.

Install only if you are comfortable with prompts, uploaded media, and related metadata being sent to NemoVideo for processing. Prefer using it with non-sensitive media, require clear confirmation before generation/upload, and check any API key, token, credit, or session behavior before first use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The routing table sends 'Everything else' to the SSE/generation action, which is an overly broad catch-all that can cause unintended backend operations from ambiguous or unrelated user input. In a skill that automatically connects to a remote service and can transmit user content, broad activation increases the chance of accidental data submission or unintended consumption of credits/session state.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to automatically connect to the backend on first open, but the user-facing description does not clearly warn that uploaded files, prompts, and media metadata are sent to a third-party remote service. This undermines informed consent and can expose sensitive media or script content unexpectedly, especially because the skill encourages immediate upload of large files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal