Ai Video Generator Free Me

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud AI video generator that sends user-provided prompts and media to NemoVideo, which is expected for its stated purpose but privacy-sensitive.

Install only if you are comfortable sending the prompts, images, audio, or videos you provide to NemoVideo for cloud processing. Avoid confidential, regulated, or proprietary material unless you trust that service, and be aware that remote render jobs may continue until completion after you close the session.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to upload user prompts and files to a remote backend, but it does not present a clear, up-front user warning or consent step at the point where content leaves the local environment. Because the skill accepts media and freeform text, users may unknowingly transmit sensitive personal, proprietary, or regulated data to a third-party service.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The session creation hardcodes `language":"en"` without user choice, which can cause privacy and integrity issues when multilingual user input is processed under the wrong language setting. This is not a severe exploit primitive, but it can degrade output fidelity, mishandle user content, and violate user expectations about how their data is processed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal