Video Editor Ai Mac

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-editing skill; its main risks are expected for uploading and editing videos with a remote service.

Install only if you are comfortable sending video files, media URLs, edit prompts, and session metadata to NemoVideo's cloud backend. Avoid confidential screen recordings, private media, or internal URLs unless you trust the service and understand its retention and access policies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The routing table sends all unmatched prompts to the SSE editing action, which can cause unintended remote operations on uploaded media from vague or unrelated user input. In this skill, the backend performs stateful cloud edits and render actions, so overly broad intent matching increases the chance of surprising processing, wasted credits/time, and unintended transmission of user content to the cloud workflow.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill does use a cloud backend, but the user-facing setup and quick-start text do not clearly warn that uploaded videos are sent to a third-party remote service for processing. Because users may upload personal screen recordings or iPhone clips, insufficient disclosure creates privacy and consent risk, especially for sensitive media that users may assume is handled locally on their Mac.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal