Create Video From Images

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video-making workflow, but users should understand that selected media and prompts are sent to NemoVideo for processing.

Install only if you are comfortable sending selected images, videos, audio, and editing prompts to NemoVideo for cloud processing. Avoid sensitive media unless you trust that provider, consider using a dedicated NEMO_TOKEN, and monitor credit or subscription behavior before large exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium, 92% confidence
Finding
The routing rules allow broad editing operations beyond simple image-to-video creation, including text overlays and audio changes, under an 'everything else' catch-all. This expands the skill's effective authority beyond what users would reasonably expect from the description, increasing the risk of unintended remote actions and data transfer to the backend.

Context-Inappropriate Capability

Low, 88% confidence
Finding
The skill inspects local install paths to infer the host platform and sends that information as attribution headers, which is unrelated to creating videos from images. Even though the data is limited, unnecessary host-environment inspection increases privacy exposure and establishes a pattern of collecting local context without a user-facing need.

Vague Triggers

Medium, 90% confidence
Finding
The trigger phrases are extremely generic, such as 'turn my images' and 'export 1080p MP4', making accidental activation more likely during normal conversation. In a skill that uploads media and contacts a cloud backend, ambiguous activation can lead to unintended processing or disclosure of user content.

Vague Triggers

Medium, 95% confidence
Finding
The routing logic includes an 'Everything else' condition that sends broad requests into SSE-driven backend actions, effectively making the skill activate on almost any editing-related text. This creates a high risk of overbroad execution, where innocuous conversation may trigger remote processing or state changes without sufficiently explicit user consent.

Missing User Warnings

Medium, 97% confidence
Finding
The skill automatically connects to a third-party backend, acquires tokens, creates sessions, and uploads user media/prompts, but the getting-started flow does not prominently warn users that their content will be transmitted to a cloud service. This undermines informed consent and increases privacy risk, especially for sensitive images or metadata.

VirusTotal

66/66 vendors flagged this skill as clean.
