Video Maker Free Download App

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent cloud video-making integration, but users should know their media and prompts are sent to NemoVideo's online service for processing.

Install only if you are comfortable sending your videos, images, audio, prompts, and render-session data to NemoVideo's cloud service. Avoid uploading sensitive, regulated, or private media unless you trust the provider's storage, retention, and deletion practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to automatically establish a backend session and upload user media to a third-party service without requiring an explicit user-facing disclosure that files and related metadata will leave the local environment. Because this skill handles potentially sensitive photos, videos, and audio, silent transmission creates a meaningful privacy and consent risk, especially for casual users who may assume chat attachments remain local to the assistant.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The session creation flow hard-codes `"language":"en"` rather than using the user's language or offering a choice. This is not a direct security exploit, but it can cause misprocessing of user content and prompts, increase the chance of incorrect edits or misunderstood instructions, and undermine informed consent for non-English users.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal