Free Video Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent cloud video generator, but users should understand that prompts and selected media go to Nemovideo for processing.

Install only if you are comfortable sending selected media, prompts, and related session metadata to Nemovideo’s cloud service. Avoid confidential business or personal media unless you trust the provider’s retention and privacy practices, keep NEMO_TOKEN private, and verify any free-credit or export limits before relying on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

High

Confidence: 93% confidence
Finding: The skill encourages users to upload files and prompts to a remote service, but it does not clearly warn that those materials are transmitted to a third-party cloud backend. This creates a meaningful privacy and data-handling risk because users may share sensitive media or business content without informed consent about external processing.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to automatically connect to the backend on first open, obtain an anonymous token, and create a remote session without a clear upfront warning to the user. Silent network activity and credential/session setup can violate user expectations, reduce transparency, and expose metadata before the user knowingly opts in.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal