Caption Generator Youtube

Security checks across malware telemetry and agentic risk

Overview

This skill is a third-party cloud video-editing integration that can upload user media and broad prompts to nemovideo.ai, so users should review its scope before installing.

Install only if you are comfortable sending videos, URLs, prompts, and related metadata to mega-api-prod.nemovideo.ai for processing. Treat it as a broader cloud video-editing service, not only a local caption helper, and avoid private or sensitive media unless you trust the service and its retention practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: Routing 'Everything else' to the SSE action creates an overly broad trigger that can capture unrelated user requests and send them to an external backend for processing. In this skill, that increases the chance of unintended data disclosure and off-scope actions because arbitrary prompts may be forwarded to a third-party cloud editing service.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to upload user files and prompts to external cloud APIs but does not clearly disclose that data leaves the local environment. This is a real privacy and consent issue because users may provide sensitive videos, audio, captions, or instructions without understanding they will be transmitted to a third-party service.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal