Generator Text Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video/text-generation helper that sends prompts and uploaded media to NemoVideo APIs, which is expected for its purpose but should be used with privacy awareness.

Install only if you are comfortable sending prompts, uploaded media, and session metadata to NemoVideo's cloud service. Avoid confidential or regulated videos unless you have reviewed that service's privacy and retention terms, and prefer a dedicated NEMO_TOKEN for this workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The manifest markets the skill as simple text generation for videos, but the body exposes a much broader remote video-processing pipeline with uploads, session management, cloud rendering, timeline edits, and export. This scope mismatch can mislead users and host systems about what data leaves the environment and what capabilities are being granted, increasing the risk of unintended file transfer and over-privileged invocation.

Vague Triggers

Medium (91% confidence)
Finding
The startup guidance invites activation from vague natural-language phrases like 'tell me what you're thinking,' which can cause the skill to engage on routine conversation rather than explicit user intent. In a skill that uploads content and connects to external APIs automatically, overly broad invocation increases the chance of accidental activation, unintended data transmission, and user confusion about what actions are being taken.

Vague Triggers

Medium (94% confidence)
Finding
The catch-all rule routes 'everything else' to the SSE action, effectively giving broad free-form prompts access to the external backend. Because the backend can drive edits, state queries, and workflow actions, this fallback greatly widens the attack surface and makes unscoped or accidental prompts capable of triggering remote processing and data handling beyond the user's clear request.

Missing User Warnings

Medium (97% confidence)
Finding
The skill instructs users to share prompts and files while emphasizing convenience, but it does not clearly warn that prompts, uploaded media, and session data are sent to third-party cloud APIs. This lack of transparent disclosure undermines informed consent and can expose sensitive media or text to external processing without the user fully understanding the privacy and data-transfer implications.

VirusTotal

66/66 vendors flagged this skill as clean.
