Video Editing Ai Effects

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud video-editing skill, but users should know their selected media and prompts are processed by NemoVideo's remote service.

Install only if you are comfortable sending the videos, audio, images, URLs, and editing prompts you provide to NemoVideo's cloud service. Avoid private or sensitive footage unless you trust that provider, use a dedicated NEMO_TOKEN if available, and monitor credit or subscription usage before exporting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The routing rule sends essentially any request not matching a small allowlist to the SSE/chat action, which can cause the skill to capture unrelated user intents and forward them to the external backend. In this skill, that is more concerning because forwarded prompts may include sensitive text or files and the backend is a third-party cloud service, increasing privacy and unintended-action risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill prominently encourages users to upload raw video footage but does not clearly warn that files are sent to a cloud processing backend. Because videos often contain faces, locations, screens, and other sensitive content, lack of disclosure undermines informed consent and can lead to unintended third-party data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.
