Trimmer In

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video-trimming skill whose remote uploads and token use are largely disclosed and aligned with its purpose, though users should treat uploaded media as sensitive.

Install only if you are comfortable sending selected videos, audio, images, and editing instructions to NemoVideo's cloud backend. Avoid confidential recordings unless you trust that provider's privacy, retention, deletion, billing, and credit policies, and keep NEMO_TOKEN out of logs or shared chats.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill encourages users to upload raw video footage, but the user-facing description does not clearly disclose that media is transmitted to a third-party cloud backend for processing. This creates a real privacy and informed-consent risk, especially because uploaded videos may contain sensitive personal, workplace, or biometric information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal