Keyframes Video Editing

Security checks across malware telemetry and agentic risk

Overview

This cloud video-editing skill appears purpose-aligned, but it deserves review because it can automatically connect to a third-party backend and route broad or ambiguous prompts to that service.

Install only if you are comfortable sending video files, editing prompts, timeline state, and render jobs to NemoVideo's cloud API. Use it for explicit video-editing requests, avoid sensitive media unless you understand the provider's privacy and retention terms, and prefer confirming before any upload or automatic anonymous token setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Low
Confidence: 88%
Finding
The skill derives local install-path/platform information and sends it to a remote service via attribution headers, even though that data is not necessary to perform video editing. This creates unnecessary host-environment disclosure that can be used for user/tool fingerprinting and service-side profiling without clear user consent.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation examples and setup language are broad enough that common phrases like 'export' or generic editing requests may activate the skill in contexts where the user did not specifically intend cloud video processing. Because activation can lead to token acquisition, session creation, and eventual remote uploads, ambiguous triggering increases the risk of unintended data transfer and surprising side effects.

Vague Triggers

Medium
Confidence: 90%
Finding
The catch-all routing rule sends 'everything else' to the SSE edit path, which is too ambiguous for a networked skill that can process user content remotely. In practice, loosely related prompts could be interpreted as editing commands, causing unintended backend interaction, state changes, or uploads with insufficient user intent verification.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill description and onboarding do not clearly warn users that their video files and editing instructions are sent to a cloud backend for processing. This is dangerous because media files can contain sensitive personal, commercial, or biometric information, and users may disclose such content without informed consent about third-party transmission and retention.

VirusTotal

66/66 vendors flagged this skill as clean.
