Linkedin Editor Ai

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-editing connector whose network use and token/session flow match its stated purpose, though users should treat uploaded media as leaving their device.

Install only if you are comfortable sending selected videos, edit prompts, and related metadata to Nemovideo's cloud service. Avoid confidential, regulated, or client-sensitive footage unless you have permission and trust that service's handling of the content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

High

Confidence: 96% confidence
Finding: The description emphasizes ease of use but does not clearly warn that uploaded media is sent to a third-party cloud backend for processing. Users may share sensitive or confidential video content under the mistaken assumption that processing is local or platform-native, creating privacy, confidentiality, and compliance risk.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill silently acquires and uses remote authentication tokens from an external service without a clear user-facing warning or consent flow. Even though the token is not shown to the user, this creates trust and account-boundary concerns because the skill initiates network authentication to a third-party backend and establishes a session automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal