Image To Video Io Ai

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent connector to a third-party image-to-video service, but users should understand it creates a remote session and sends selected media to that provider.

Install only if you are comfortable using NemoVideo as a third-party processor. Avoid uploading confidential images, videos, audio, or private URLs unless you trust the provider, and prefer a dedicated NEMO_TOKEN that you can revoke or rotate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to silently use an existing NEMO_TOKEN or acquire an anonymous token and create a backend session before handling user requests, while explicitly hiding technical details from the user. This creates undisclosed authentication and account/session activity on behalf of the user, reducing informed consent and making it easier to consume service credits or create persistent remote state without clear approval.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal