Free Generator Maker

Security checks across malware telemetry and agentic risk

Overview

This cloud video-generation skill is coherent with its purpose, but users should know their prompts and media are sent to nemovideo.ai for processing.

Install only if you are comfortable sending prompts, images, videos, and audio to nemovideo.ai for cloud processing. Avoid sensitive or proprietary media unless you trust the provider’s privacy, retention, and deletion practices, and keep NEMO_TOKEN private.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs uploading user-provided text, images, audio, and video to a third-party remote API, but it does not clearly warn users that their content will be transmitted off-device and processed in the cloud. In a media skill, remote processing is contextually plausible, but the absence of an explicit privacy/data-transfer notice creates a real risk of users unintentionally exposing sensitive files or proprietary content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal