Free Youtube Free

Security checks across malware telemetry and agentic risk

Overview

This looks like a real cloud video-processing skill, but it is broader and more automatic than a simple YouTube-to-MP4 downloader.

Review before installing. Use this only with videos, URLs, prompts, and files you are comfortable sending to Nemovideo, and avoid sensitive or proprietary media unless you understand the provider's retention and processing terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The skill is presented as a simple YouTube-to-MP4 downloader, but the documented behavior exposes a much broader third-party cloud media-processing pipeline with session creation, SSE messaging, uploads, state queries, and rendering. This mismatch can mislead users and host platforms about the actual data flows and capabilities, increasing the risk of unauthorized content transfer, policy bypass, and abuse beyond the stated purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding:
The routing table and workflow expose broad editing and generation actions unrelated to downloading a YouTube video as MP4, such as SSE-driven edits, track manipulation, credits, and session state inspection. Excess capability increases attack surface and can cause users to invoke sensitive remote operations they did not intend, especially given the vague prompts and hidden backend complexity.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding:
The description implies the tool merely downloads videos, but the documented path uploads files and URLs into a remote cloud editing/rendering service. This is dangerous because users may disclose local media or external links without understanding that their content is being transmitted, stored, and processed by a third party.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The suggested activation language is broad and conversational, which can cause the skill to trigger on loosely related user input. In a skill that performs remote uploads, session creation, and rendering, accidental invocation is more dangerous because it can initiate external data transfer or backend actions without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The trigger routing maps generic terms like 'export,' 'download,' 'upload,' and even 'everything else' to backend actions, including SSE and export workflows. Because the skill has broad remote capabilities, such permissive routing materially raises the likelihood of unintended actions, backend calls, and transmission of user content.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The skill instructs the agent to automatically obtain tokens, create sessions, and send user files/URLs and inferred language to a third-party backend, but the user-facing description does not clearly warn that their content will be transmitted off-platform. This lack of disclosure undermines informed consent and creates privacy, compliance, and trust risks, especially for sensitive media or proprietary URLs.

Natural-Language Policy Violations

Severity: Low
Confidence: 76%
Finding:
The session creation flow includes automatic language detection and transmission without user opt-in. While lower severity than the undisclosed upload behavior, it still sends derived user metadata to a third party and may surprise users who did not consent to such profiling or inference.

VirusTotal

66/66 vendors flagged this skill as clean.
