Create A Free Ai Video

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud AI video generator, but users should know their prompts and selected media go to NemoVideo's remote service.

Install only if you are comfortable sending the prompts and media you choose to use with this skill to NemoVideo's cloud backend. Avoid confidential, regulated, or third-party-sensitive content unless you trust that provider, keep NEMO_TOKEN private, and confirm unexpected edits or exports before proceeding.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs the agent to automatically connect to a remote backend and obtain an anonymous token without a clear, up-front user consent flow that their prompts and uploaded media will be transmitted to a third-party cloud service. This creates a real privacy and data-handling risk, especially because user files and text may contain sensitive or proprietary content and the setup is triggered automatically on first use.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal