Green Screen Editor

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video background-editing skill that is coherent with its purpose, but users should know their media and prompts go to NemoVideo for processing.

Install only if you are comfortable sending chosen videos, prompts, URLs, and render metadata to NemoVideo's cloud backend. Avoid confidential, regulated, or highly personal footage unless you trust that provider's privacy and retention practices, keep NEMO_TOKEN private, and ask the agent to confirm before uploads, exports, or credit-consuming actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The startup prompt and trigger phrases are so broad that users may invoke the skill unintentionally or without understanding that files and editing instructions will be sent to an external video-processing service. In an agent setting, ambiguous invocation boundaries increase the chance of accidental data disclosure and unintended third-party processing of user media.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to upload user videos and send editing prompts to a cloud backend, but the user-facing description does not clearly warn that this data leaves the local environment. That omission is dangerous because users may share sensitive or private video content under the false assumption that processing is local or limited to the chat environment.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal