Video Editor Ai With Music

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-editing connector that clearly relies on a remote backend, with no local installer, persistence, or hidden executable behavior found.

Install only if you are comfortable sending the videos, audio, images, and editing instructions you provide to the nemovideo.ai cloud service. Avoid confidential or highly sensitive media unless you trust that service's retention, privacy, and download-link handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: Routing 'Everything else' to the SSE action is an overly broad catch-all that can cause unintended remote actions and excessive transmission of arbitrary user text to the cloud backend. In this skill, SSE appears to be the primary high-capability path for edit commands, so unclear routing increases the risk of prompt confusion, accidental data disclosure, and unpredictable backend behavior.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill sends user videos and editing instructions to a third-party cloud service, but the setup and onboarding text does not prominently warn users before upload or command submission. Because uploaded media may contain sensitive personal content, insufficient disclosure meaningfully increases privacy and consent risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal