Movie Subtitle

Security checks across malware telemetry and agentic risk

Overview

This is a plausible remote subtitle/video tool, but it automatically creates remote sessions and broadly sends prompts or media to a third-party backend without enough user control.

Install only if you are comfortable sending videos, prompts, and project state to mega-api-prod.nemovideo.ai. Avoid private or regulated media unless you have reviewed that service's privacy and retention terms, and prefer using an explicit NEMO_TOKEN with known billing/account controls rather than automatic anonymous sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as a narrow subtitle-generation tool, but the documented routing and backend capabilities support broader video editing and media manipulation actions. This scope mismatch can mislead users and reviewers about what data and operations the skill can perform, weakening informed consent and security review boundaries.

Description-Behavior Mismatch

Low
Confidence
87% confidence
Finding
The manifest markets an MP4 movie subtitle workflow, but the documented API supports many additional media formats and asset types. While not inherently exploitable on its own, this discrepancy broadens the effective attack surface and can cause users to submit unexpected content types under inaccurate assumptions.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to obtain anonymous authentication tokens from a remote service automatically, even when the user may not have explicitly consented to account/session creation with a third party. For a subtitle skill, silently establishing remote authenticated sessions expands trust and data-sharing boundaries beyond what the manifest clearly justifies.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The invocation language is broad enough that ordinary conversational phrases could activate the skill unintentionally. In this skill's context, accidental activation can lead to connection attempts, token acquisition, and remote handling of user media without a sufficiently specific request.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The catch-all rule routes nearly everything else to the SSE backend, which is an overly permissive trigger for a skill that can upload files, manipulate media, and create remote sessions. Ambiguous routing increases the chance of unintended backend actions and makes it harder to reason about what user inputs will be transmitted off-device.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill does not clearly warn users that their files, prompts, and session data are transmitted to and processed by remote backend services. Because this skill handles potentially sensitive video content, lack of prominent disclosure undermines informed consent and creates meaningful privacy and compliance risk.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
Hard-coding the session language to English without user choice can cause user prompts or generated subtitles to be processed under incorrect language assumptions. This is primarily a consent and correctness issue, but in a subtitle workflow it can also increase the likelihood of mishandling multilingual or sensitive content.

VirusTotal

66/66 vendors flagged this skill as clean.
