Screen Video

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud screen-recording editor, and its token, upload, editing, and export behavior matches that purpose.

Install only if you are comfortable sending screen recordings, audio, URLs, and edit instructions to NemoVideo cloud services. Review recordings for passwords, private documents, notifications, customer data, or proprietary UI before upload, and prefer a limited or anonymous token when possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The routing table sends essentially all unmatched user input to the SSE backend, which creates an overly broad command surface for a remote service. In a skill that forwards natural-language requests to an external editing API, this increases the chance of unintended data processing, prompt-injection-style backend misuse, and actions being taken without clear user intent boundaries.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to upload screen recordings to a third-party cloud API but does not clearly warn that videos may contain sensitive on-screen content, credentials, internal documents, or personal data. Because screen recordings often capture highly sensitive material, the missing disclosure meaningfully increases privacy and compliance risk in this context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal