Video Editing With Music Free

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent cloud video-editing integration, but users should know their videos, prompts, and session data are sent to NemoVideo for processing.

Install only if you are comfortable sending selected videos, audio, URLs, editing prompts, and generated project state to NemoVideo. Prefer a dedicated NEMO_TOKEN, avoid uploading private or sensitive footage unless you trust the provider, and watch for credit, registration, or upgrade prompts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The routing rule sends essentially all unmatched prompts to the SSE editing action, which can cause user requests that were not clearly intended for remote processing to be forwarded to the backend. In this skill, that broad catch-all increases the chance of unintended data disclosure and surprising external actions, especially because the service accepts arbitrary free-form messages and uploaded media.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill encourages users to upload videos and provide editing instructions, but does not clearly warn that both media and prompts are sent to a third-party remote backend service. This is a real privacy and consent issue because users may share sensitive footage or metadata without understanding where it is processed or stored.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal