Free To Video Ai

Security checks across malware telemetry and agentic risk

Overview

This skill uses a cloud video service to turn user-provided text or media into videos, and its behavior fits that purpose with privacy and activation-scope cautions.

Install only if you are comfortable sending prompts, images, videos, audio, or file URLs to the NemoVideo cloud API for processing. Avoid confidential or sensitive media unless you trust that provider's privacy and retention practices, and use explicit video-generation wording to reduce accidental activation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (93% confidence)
Finding
The invocation guidance is broad enough that ordinary phrases like "export," "download," or generic requests about text/images could unintentionally trigger this skill. In a multi-skill environment, that increases the chance of misrouting user intent and causing unintended uploads, session creation, or calls to the remote video service.

Missing User Warnings

Medium (96% confidence)
Finding
The skill processes user text, images, and media on remote cloud services, but the user-facing description does not prominently disclose that content is transmitted off-device before processing. This can lead users to share sensitive material without informed consent, creating privacy and data-handling risk that is amplified by automatic setup and background API/session creation.

VirusTotal

66/66 vendors flagged this skill as clean.