Ai Image To Video Discord

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud image-to-video skill, with privacy and credit-use considerations but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending uploaded images, prompts, and render details to NemoVideo’s remote API and potentially using credits. Avoid confidential or regulated media unless that provider is approved for your use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The routing rule sends essentially all unmatched inputs to the SSE generation/edit path, which makes the skill overly eager to activate on vague or unrelated user requests. In an agent environment, broad catch-all behavior increases the chance of unintended external API calls, media processing actions, or credit consumption without clear user intent.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The top-level description is broad enough to overlap with ordinary requests about images, videos, sharing, or Discord content creation, which can cause accidental invocation. That expands the skill's activation surface and may lead to unintended uploads, token acquisition, session creation, or billable backend usage in response to general conversation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal