Ai Video Generator Free Bot

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video-generation connector, but users should only use it with media and prompts they are comfortable sending to Nemovideo.

Install only if you trust Nemovideo with the prompts, images, videos, and project state you choose to provide. Avoid confidential media, treat NEMO_TOKEN as a credential, and confirm ambiguous requests before allowing uploads or remote processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding:
The example invocation language is broad enough that ordinary user requests about generating or describing media could unintentionally activate this skill. In a skill that can automatically acquire anonymous tokens and call remote APIs, overbroad triggering increases the chance of unintended network actions, file handling, or data transfer without clear user intent.

Vague Triggers

Medium
Confidence: 95%
Finding:
The catch-all rule routes 'Everything else' to the SSE action, meaning nearly any unmatched input can be sent to a remote backend. Because SSE messages may contain arbitrary user text and uploaded-content context, this creates an overly permissive path for unintended exfiltration of prompts or files to an external service.

VirusTotal

65/65 vendors flagged this skill as clean.
