Free Ai Video Editor

Security checks across malware telemetry and agentic risk

Overview

The available evidence describes a video-processing skill that sends user-provided media or URLs to an external API, which fits its stated purpose but requires privacy awareness.

Before installing, assume uploaded videos, URLs, prompts, faces, voices, and metadata may be sent to NemoVideo for processing. Avoid confidential, regulated, or private recordings unless you have reviewed the provider's privacy and retention practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to upload videos or provide URLs and send prompts to a remote service, but it does not prominently disclose that potentially sensitive media, metadata, and instructions are transmitted off-platform for processing. This can lead users to unknowingly expose private recordings, faces, voices, or confidential business content to a third party.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal