Best Anonymous Token

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real remote video-processing skill, but it asks agents to send sensitive media and broad prompts to a third-party backend with too much scope and too little user-facing control.

Install only after confirming you are comfortable sending videos, prompts, and render metadata to mega-api-prod.nemovideo.ai. Use it for explicit anonymization tasks, avoid highly sensitive footage unless the service's retention and deletion policy is acceptable, and confirm uploads/exports before they start.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The manifest markets the skill as a narrowly scoped video anonymization tool, but the implementation exposes a much broader remote video-editing and export workflow. That scope mismatch can mislead users and host platforms about what data and operations are actually being performed, increasing the risk of unintended remote processing of sensitive media and instructions.

Context-Inappropriate Capability

Medium (89% confidence)
Finding
The skill includes unrelated capabilities such as audio editing, text overlays, and general timeline composition, which materially exceed the stated anonymization use case. In a security context, hidden or unjustified extra capabilities are dangerous because they broaden what remote services can do with uploaded user content beyond user expectations.

Context-Inappropriate Capability

Low (78% confidence)
Finding
Advertising acceptance of images and standalone audio formats goes beyond the manifest's claimed scope of anonymizing uploaded video files. While lower severity, this can still mislead users into sending additional sensitive media types to a remote backend without clear disclosure or purpose limitation.

Vague Triggers

Medium (86% confidence)
Finding
The catch-all routing rule sends 'everything else' to the SSE backend, which could activate the skill on unrelated user requests. This is risky because ordinary conversation or off-topic prompts may be transmitted to a third-party service unexpectedly, causing privacy leakage and unintended actions.

Vague Triggers

Medium (84% confidence)
Finding
The phrase 'Or just tell me what you're thinking' is overly vague and encourages invocation on arbitrary conversation rather than explicit video-anonymization requests. In combination with remote backend calls, this increases the chance that unrelated or sensitive user text is sent off-platform without meaningful consent.

Missing User Warnings

Medium (94% confidence)
Finding
The skill sends uploaded videos and editing instructions to a remote backend, but the user-facing description does not prominently warn about that external transmission. Because the skill is aimed at journalists, researchers, and others handling sensitive identities, lack of explicit disclosure materially raises privacy and confidentiality risk.

Missing User Warnings

Low (88% confidence)
Finding
The file documents that session tokens and render job state persist remotely and that jobs can be orphaned, but this is not surfaced as a user-facing warning. For sensitive anonymization workflows, undisclosed persistence of job state and token-linked render metadata increases privacy and operational risk if users assume processing is transient.

VirusTotal

66/66 vendors flagged this skill as clean.
