Ai Video Editor Anup Sagar

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed NemoVideo cloud video/text generation integration, with no evidence of destructive behavior or unrelated data collection.

Before installing, understand that prompts and any uploaded TXT, DOCX, PDF, MP4, or media files may be sent to NemoVideo's remote API for processing. Avoid using it with sensitive or regulated content unless you are comfortable with that provider and its data handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill explicitly instructs the agent to connect to a third-party backend, obtain or use authentication tokens, upload user media, and then hide those technical details from the user. That creates a transparency and consent problem: sensitive user content is sent off-device to a remote service without clear disclosure at the point of use, which can undermine informed consent and obscure data-handling risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal