Best Video Downloader

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video-processing skill that is advertised mainly as a downloader but can send broad prompts, uploads, URLs, and session state to a third-party backend.

Review before installing. Use this only if you are comfortable sending video URLs, uploaded media, prompts, and editing state to mega-api-prod.nemovideo.ai, and avoid sensitive or regulated content unless you have verified the service's data handling and account terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill is presented as a simple video downloader, but the documented behavior expands into a broad remote editing/rendering pipeline with session management, SSE messaging, uploads, state inspection, and export orchestration. This mismatch can mislead users and host systems about the true scope of actions, increasing the chance of overbroad invocation and unexpected transmission of user content to a third-party backend.

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The getting-started text markets the skill as downloading videos, but later instructions authorize handling general editing requests and render operations. That discrepancy weakens informed consent and can cause the agent to perform materially broader remote actions than the user reasonably expects from the advertised functionality.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrase "Or just tell me what you're thinking" is overly broad and can activate the skill from vague natural-language input unrelated to video downloading. Ambiguous activation increases the risk of accidental routing of unrelated prompts and unintended disclosure of user text or files to the backend.

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The catch-all rule routes "Everything else" to SSE, effectively allowing arbitrary prompts to be sent to a remote backend under this skill. In a tool that uploads content and maintains session state, such unconstrained routing materially expands the attack surface and can cause unintended data transmission or actions outside the advertised scope.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs sending user URLs, uploads, and session content to a remote backend but does not clearly warn users that their content will be transmitted off-platform for processing. Because the skill handles potentially sensitive media and links, the absence of an upfront disclosure undermines user consent and creates meaningful privacy and data-handling risk.

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The metadata declares use of an environment token and local config path, but the user-facing description does not disclose that the skill may consume locally available credentials or config to authenticate to a third-party service. While this does not by itself exfiltrate secrets, hidden credential usage reduces transparency and may surprise users or administrators about external account access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal