Audio Editor Free

Security checks across malware telemetry and agentic risk

Overview

This media skill appears purpose-aligned, but users should understand that prompts, uploads, and media URLs may be handled by Nemo's remote service.

Install only if you are comfortable sending media files, prompts, and media URLs to Nemo's remote service for processing. Do not use sensitive, regulated, or private media or internal URLs unless you have reviewed the service's privacy, retention, and deletion practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Low

Confidence: 84% confidence
Finding: Allowing remote media ingestion by arbitrary URL expands the attack surface beyond simple user-uploaded files. It can enable server-side fetching of attacker-controlled or internal URLs, creating risks such as SSRF, unexpected data exfiltration, or processing of untrusted content without sufficient user awareness.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill encourages users to upload media and provide prompts but does not clearly disclose that both are sent to a third-party remote backend. This is dangerous because users may unknowingly transmit sensitive audio, video, or metadata off-platform without informed consent, increasing privacy, compliance, and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal