Create Image To Video Ai

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud image-to-video helper whose API, upload, token, and render-session behavior fit its stated purpose, though users should treat provided media as leaving their device.

Install only if you are comfortable sending selected images, prompts, URLs, and generated video session data to NemoVideo's cloud service. Avoid confidential, regulated, or highly personal media unless you trust that provider's privacy and retention practices, and treat NEMO_TOKEN like a password.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The routing table sends 'Everything else' to this skill, causing broad interception of user requests that may be unrelated to image-to-video editing. This can lead to unintended collection and transmission of user prompts or files to the third-party NemoVideo API, increasing privacy and misrouting risk.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to connect to an external cloud API and later upload files and prompts, but it does not clearly warn users up front that their content will be transmitted to a third-party service. This undermines informed consent and can expose sensitive images, metadata, or prompt content to an external processor without adequate notice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal