Video Maker Google Free

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-making helper whose token use, uploads, and render API calls match its stated purpose, with normal privacy cautions for third-party processing.

Install only if you are comfortable sending the specific images, clips, prompts, and generated project state you provide to Nemo Video's cloud service. Avoid using private, regulated, or proprietary media unless you trust that provider's handling of uploaded content and tokens.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The invocation examples are broad enough to match ordinary user conversation about making or editing videos, which can cause the skill to activate unexpectedly. In a skill that can upload files, create sessions, and call external APIs, overbroad triggering increases the chance of unintended data handling or remote actions without clear user intent.

Vague Triggers

High

Confidence: 97% confidence
Finding: Routing 'Everything else' to the main SSE action creates a catch-all trigger that effectively treats any unmatched input as authorization to send content to the backend. This is dangerous because arbitrary user text, including unrelated or sensitive conversation, could be forwarded to a third-party service and cause unintended remote processing or data exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal