Free Video Generator Hugging Face

Security checks across malware telemetry and agentic risk

Overview

This skill may generate videos, but it is misleadingly branded around Hugging Face while automatically sending prompts, media, and session data to NemoVideo's cloud API.

Review before installing. Use only if you are comfortable sending prompts, images, video, audio, URLs, and render requests to NemoVideo's cloud service, and do not assume Hugging Face or local open-source processing. Avoid confidential media and protect or rotate any NEMO_TOKEN used with it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest and top-level description frame this as a simple prompt-to-video generator, but the body grants a much broader remote editing/export capability with session state inspection, timeline manipulation, uploads, downloads, audio/text overlays, and multi-format media handling. This scope mismatch is dangerous because users and platform reviewers may consent to a narrow function while the skill actually routes arbitrary content and editing actions to a third-party cloud service, increasing the chance of unauthorized data handling or abuse.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill automatically performs token acquisition, session creation, and exposes credits/balance and export-billing semantics that are not clearly necessary for a user-facing 'free video generator' workflow. This is risky because it normalizes silent account/session operations against an external service and can obscure when a user's actions create persistent sessions, consume quotas, or interact with monetized features.

Vague Triggers

Medium
Confidence: 89%
Finding
The catch-all routing rule sends essentially any unmatched user input into the SSE-backed remote action pipeline. This is dangerous because unrelated, sensitive, or ambiguous user text may be forwarded to the third-party backend without clear intent validation, causing over-collection of user data and unintended remote operations.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the agent to automatically connect to an external API and, if needed, obtain an anonymous token on first interaction before doing anything else, without first warning the user that prompts, files, and metadata may be transmitted off-platform. In this context, the skill handles uploads and free-form prompts, so silent network setup materially increases privacy and consent risk and could expose user content to a third-party processor unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.
