Ai To Generator

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video-generation connector with disclosed remote processing, token/session use, uploads, and exports, but users should treat uploaded content as shared with NemoVideo.

Install only if you are comfortable sending prompts and uploaded media or documents to NemoVideo for cloud processing. Avoid confidential files, keep NEMO_TOKEN private, and confirm export or credit-consuming actions before running them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The manifest advertises a limited text-to-video capability, but the body defines a much broader remote media editing and export workflow with uploads, session management, SSE commands, and timeline inspection. This mismatch can mislead users and host platforms about what data the skill will process and what network behaviors it performs, undermining informed consent and security review.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The skill claims support for TXT/DOCX/PDF/MP3 inputs, but later accepts a much wider set of media types including video and image formats. This discrepancy can cause users to upload content under false assumptions about scope, and can bypass policy or review decisions that were based on the narrower manifest-declared input surface.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: Routing 'everything else' to the generation SSE action creates an overly broad trigger that may capture unrelated user requests and forward them to the remote backend. In this skill, that is more dangerous because unmatched prompts may include sensitive user text or files, which could be sent to a third-party service without a clear, specific user intent to invoke video generation.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs the agent to automatically connect to external APIs and process user inputs remotely, but it does not clearly warn users up front that their prompts and uploaded files will be transmitted to a third-party cloud service. Given the skill handles documents, audio, and other media up to 200MB, missing disclosure materially increases privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal