Free Video Generation Without Login

Security checks across malware telemetry and agentic risk

Overview

This video-editing skill is mostly aligned with its purpose, but it should be reviewed because it creates remote NemoVideo sessions and can route broad prompts and uploaded media to that backend with limited user-facing scoping.

Install only if you are comfortable sending prompts and uploaded videos/images/audio to NemoVideo’s remote service. Use non-sensitive media, review the NemoVideo account/token and retention expectations, and be careful with broad requests because the skill may route most editing instructions through the remote SSE backend.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (7)

Description-Behavior Mismatch

Medium

Confidence: 87% confidence
Finding: The manifest and description frame the skill as simple text/image-to-video generation, but the body grants broader capabilities including uploads of many file types, media editing, audio handling, and session/state operations. This scope mismatch can mislead users and reviewers about what data may be processed and what actions the agent may take, increasing the chance of unintended data exposure or overbroad use.

Context-Inappropriate Capability

Low

Confidence: 79% confidence
Finding: The instruction to infer platform from local install paths requires inspecting local filesystem locations unrelated to core video generation. Even limited path probing increases unnecessary host-environment awareness and can disclose contextual system information that is not needed to fulfill the user request.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The invocation examples are broad and generic, making accidental activation more likely during ordinary conversation. Unintended activation matters here because the skill immediately connects to a backend and may create tokens/sessions before the user has clearly consented to remote processing.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The catch-all routing rule of "Everything else" creates an effectively unlimited activation scope for the SSE action. In a skill that sends prompts and media to a remote API, this ambiguity can cause unrelated user inputs to be transmitted off-platform without a clear user intent boundary.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill processes prompts and uploaded media on remote GPU services, but the user-facing description does not clearly warn that content is sent to third-party backend systems. This transparency gap can lead users to disclose sensitive text, images, video, or audio under incomplete understanding of where their data goes.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill mandates backend connection and token/session creation before handling any request, but does not clearly present this as a user-facing pre-action disclosure. Even if low sensitivity by itself, silently establishing remote sessions expands tracking and data processing without informed consent.

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: Forcing the session language to English without user choice can cause prompts to be translated, misinterpreted, or processed contrary to user expectation, especially for multilingual users. In a generative media workflow, this can alter outputs and may inadvertently expose content through additional transformation steps.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal