Ai Video Editor Instagram Reels

Security checks across malware telemetry and agentic risk

Overview

This video editing skill is mostly aligned with its purpose, but it needs review because broad prompts and uploaded media can be sent to a third-party cloud API with a loose activation boundary.

Install only if you are comfortable sending video/audio files, edit prompts, and related session data to nemovideo.ai for cloud processing. Avoid private or regulated media unless you trust that provider's privacy, retention, and deletion practices. The publisher should narrow the catch-all route and add a clear confirmation before first remote submission.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The routing rule sends all unmatched input to the SSE editing action, which can cause unintended remote API operations on vague or unrelated user messages. In this skill, that behavior is more concerning because the default path can trigger stateful cloud processing, session activity, and potentially billable or privacy-sensitive actions against an external service.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal