Ai Video Subtitle Editor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the video transcription/subtitle work it describes, with the main caveat that users should understand media is sent to a third-party service.

Before installing, confirm you are comfortable sending the videos, audio, transcripts, and related metadata to NemoVideo for processing. Avoid using it on confidential, regulated, or third-party media unless you have permission and understand the provider's retention and training policies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to send video-processing requests to a third-party API for transcription and subtitle generation, which inherently involves transmitting potentially sensitive audio/video content off-platform. The documentation does not provide any privacy notice, consent guidance, retention details, or warning that uploaded media may contain personal, confidential, or regulated data, so users could unknowingly expose sensitive content.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal