Ai Video Generator Free Envato

Security checks across malware telemetry and agentic risk

Overview

This is a real cloud video-generation skill, but it is broad enough that user media or prompts could be sent to NemoVideo without clear, explicit consent.

Review before installing. Use it only with media and prompts you are comfortable sending to NemoVideo, avoid confidential product assets or private clips unless you accept the service's terms and retention practices, and require explicit confirmation before uploads, generation, or exports.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The example triggers include very broad phrases like "export," "upload," and "generate my images or clips," which are common in normal conversation and can cause the skill to activate unintentionally. In a skill that uploads user media and sends prompts to remote APIs, accidental activation can lead to unintended disclosure of files or requests to third-party services.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill encourages users to send images or clips while only later mentioning that processing occurs on remote GPU nodes, without a prominent upfront privacy warning that media and prompts are transmitted to third-party infrastructure. This creates a meaningful risk of users unknowingly sharing sensitive or proprietary media, branding assets, or prompt content with an external service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal