TwelveLabs Video Intelligence

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward TwelveLabs helper for user-directed video upload, indexing, search, and analysis, with privacy considerations users should understand before use.

Install only if you are comfortable sending chosen videos, images, prompts, and analysis requests to TwelveLabs under your account. Do not upload confidential meetings, regulated data, or private recordings unless your organization permits that provider and retention model; use a scoped or revocable API key where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs users to upload local files or provide video URLs to TwelveLabs, but it does not disclose that the video content and any potentially sensitive information within it will be transmitted to a third-party cloud service for indexing and analysis. This creates a real privacy and data-governance risk because users may submit confidential recordings, meetings, or regulated data without informed consent or awareness of external processing.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal