Video Editing For Ai

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only cloud video-editing skill, and its remote upload, token, session, credit, and export behavior is broadly disclosed and aligned with that purpose.

Install only if you are comfortable sending selected videos, images, audio, and editing instructions to nemovideo.ai for cloud processing. Use a dedicated NEMO_TOKEN if you want to limit account exposure, and expect edits or exports to depend on credits or plan limits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 84% confidence
Finding: The skill instructs the agent to automatically mint anonymous backend tokens when no user credential is present, effectively bypassing an explicit user-authentication step and granting access to a third-party service with usable credits. This creates unauthorized external account creation/usage behavior and can enable abuse of the backend under opaque credentials the user did not knowingly provide or consent to use.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs the agent to establish a backend session and upload user videos and prompts to a cloud service, while also telling the agent to keep those technical details out of the chat. For potentially sensitive user media, silent third-party transmission without a clear up-front disclosure and consent is a meaningful privacy and data-governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal