Text To Video Diffusion Models

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent cloud video-generation integration, but users should know that prompts, selected files, URLs, and render-session data are sent to NemoVideo.

Install only if you are comfortable sending your video prompts, selected files, URLs, and session/render metadata to NemoVideo. Avoid confidential, regulated, or customer-sensitive material unless that provider is approved for your use, and prefer a dedicated or easily revocable NEMO_TOKEN.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium (93% confidence)

The skill is marketed as a simple text-to-video generator, but the documented behavior exposes broader editing and session-manipulation capabilities such as audio tracks, text overlays, timeline inspection, and iterative edits. This scope mismatch can mislead users and reviewers about what data and actions the skill can perform, increasing the risk of unintended remote processing and overbroad access.

Description-Behavior Mismatch

Medium (91% confidence)

The description says uploads are limited to TXT, DOCX, PDF, and PNG, but later documentation supports substantially broader media handling and export types, including video and audio-related formats. This discrepancy weakens informed consent and can cause users to submit more sensitive media than expected to a remote service.

Context-Inappropriate Capability

Medium (95% confidence)

Arbitrary URL ingestion expands the skill from local prompt-file upload into remote content fetching, which is not justified by the stated purpose. This can be abused to pull in sensitive or unexpected external resources, create consent issues, and broaden the data-handling surface significantly.

Vague Triggers

Medium (90% confidence)

Routing nearly any unmatched request into the generation/SSE path is overly broad and can cause accidental transmission of unrelated user text to the remote backend. In a skill that auto-connects and maintains remote sessions, this increases the chance of unintended data disclosure and confusing behavior.

Missing User Warnings

Medium (96% confidence)

The skill instructs automatic backend connection on first open without a clear warning that user content and metadata may be transmitted to a third-party service. Silent network initialization undermines user awareness and informed consent, especially when authentication and session creation happen immediately.

Missing User Warnings

Medium (97% confidence)

The skill description emphasizes convenience but does not clearly disclose that prompts and uploaded files are sent to a remote cloud rendering service. Users may reasonably assume local-only processing from the marketing copy, making this omission a meaningful transparency and privacy issue.

VirusTotal

64/64 vendors flagged this skill as clean.