Video Game Maker Free 3d

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-generation helper that uses a disclosed external API, with privacy and routing cautions but no evidence of hidden or destructive behavior.

Install only if you are comfortable sending prompts and media to nemovideo.ai for cloud processing. Avoid private or sensitive uploads, keep NEMO_TOKEN secret, and invoke the skill with explicit video-generation wording to reduce accidental routing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The routing table sends all unmatched prompts to the SSE/generation action, which can cause the skill to capture unrelated user requests and forward them to the remote backend. In this skill, that means arbitrary user text may be sent off-platform without a clear intent check, increasing privacy and misrouting risk.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill encourages users to upload images and video clips but does not clearly warn that prompts and media are transmitted to a third-party remote processing API. This creates a meaningful privacy and consent issue, especially because the skill auto-connects on first interaction and can obtain anonymous tokens automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal