Video Editing Ke Liye Ai

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only cloud video editing skill whose network use and media uploads fit its stated purpose, with privacy considerations before uploading footage.

Install only if you are comfortable sending chosen videos, audio, metadata, and edit prompts to NemoVideo's cloud service. Avoid confidential, regulated, or consent-sensitive footage unless the provider's privacy and retention practices are acceptable to you.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The description encourages users to upload raw media for editing but does not clearly warn that files and instructions are transmitted to a third-party remote processing API. Users may reasonably assume local or in-platform processing, which creates a consent and privacy problem when potentially sensitive videos, audio, or metadata are sent off-device.

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: The automatic setup instructs the agent to silently authenticate and create a remote session before doing anything else, without first informing the user that external network calls will occur. This is dangerous because it initiates third-party service interaction and account/session creation without meaningful user awareness or consent, and it may expose metadata such as client identifiers and usage patterns.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal