Video Editing With Blender Tutorial

Security checks across malware telemetry and agentic risk

Overview

This skill sends user-provided videos to a disclosed cloud video-editing service, which matches its stated purpose.

Install only if you are comfortable sending video clips, prompts, and edit state to NemoVideo's cloud service. Avoid uploading confidential screen recordings, credentials, client footage, or private project material unless external processing is acceptable for your situation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill asks users to upload video clips to a cloud backend but does not clearly warn, at the point of collection, that potentially sensitive media will be transmitted to a third-party service for remote processing. Users may unknowingly send confidential screen recordings, embedded credentials, private project footage, or client data off-device, which creates privacy and data-governance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal