Ia Video Maker Free

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud video-generation skill, but users should expect media, prompts, and media URLs to be sent to NemoVideo for processing.

Install only if you are comfortable sending selected media files, remote media URLs, prompts, and project session data to NemoVideo. Avoid confidential or regulated content unless you trust that provider, and use explicit instructions before uploads, URL ingestion, generation, or export actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: The skill supports server-side ingestion of arbitrary remote URLs, even though the stated purpose is user-supplied local media processing. URL fetching can enable SSRF-style abuse, unexpected access to internal resources by the backend, and privacy issues if the service retrieves attacker-controlled or sensitive endpoints.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill sends user prompts and uploaded media to a cloud backend, but the user-facing description does not clearly warn about this data transfer. That creates a privacy and consent problem, especially for potentially sensitive images, videos, or embedded metadata uploaded under the assumption of local or opaque processing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal