Podcast Video Online

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud podcast-video rendering connector with expected privacy considerations, but no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable sending podcast prompts and audio/video files to NemoVideo’s cloud service for processing. Avoid uploading private, regulated, or confidential recordings unless you trust the provider’s privacy and retention practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill does send user media, prompts, and session data to a third-party cloud backend, but the user-facing description does not clearly warn about that data transfer up front. This can mislead users into sharing sensitive audio, video, or embedded personal data without informed consent, especially since the skill encourages file uploads and remote processing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal