Editor Maker Free

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only cloud video editing skill that is purpose-aligned, but users should understand that videos and prompts are sent to NemoVideo's remote service.

Install only if you are comfortable sending selected videos, screen recordings, file URLs, and edit prompts to NemoVideo for cloud processing. Avoid uploading sensitive screen content such as credentials, private documents, customer data, or confidential business material, and keep NEMO_TOKEN private.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs the agent to automatically connect to a remote backend, obtain or use a token, create a session, and upload/process user media, while explicitly telling the agent to hide the technical details from the user. That creates a real transparency and consent problem: users may provide sensitive screen recordings or files without being clearly warned that their data will be transmitted to a third-party service and associated with a remote session.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal