Maker Italiano

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-editing skill for Italian-language videos, with privacy and scope caveats but no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable sending your media, prompts, and video project state to NemoVideo for cloud processing. Avoid uploading confidential media unless you trust that service's privacy and retention practices, and prefer a limited or anonymous token if you do not want the skill using a personal NemoVideo account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The skill includes very broad trigger phrases such as "create my video clips or images" and generic routing like "Everything else" to the SSE action. This can cause accidental invocation or misrouting of unrelated user prompts, which may unexpectedly send user content to the remote backend and initiate edits or processing without sufficiently clear intent.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill says it handles video creation on cloud GPUs but does not provide a clear upfront privacy warning that uploaded media, prompts, and possibly session data are transmitted to a third-party cloud service. Users may share sensitive media under the assumption processing is local, creating a data exposure and privacy risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal