Video Editor Ai Gemini

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-editing skill, but users should understand that their media and edit prompts go to NemoVideo's backend.

Install only if you are comfortable sending videos, audio, images, edit prompts, and generated outputs to NemoVideo's cloud service. Avoid private screen recordings, confidential documents, faces, voices, or sensitive client material unless you understand the provider's retention, sharing, deletion, and download-link handling practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The routing table sends 'Everything else' to the SSE edit action, which means a very broad range of user prompts may be forwarded to the remote backend by default. In a skill that can upload media and send free-form instructions to a cloud service, this increases the chance of unintended data transmission, surprising actions, and weak user-consent boundaries.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill encourages users to drop raw video footage and begin editing, but the user-facing setup and description do not prominently warn that videos and prompts are sent to a third-party cloud backend for processing. Because uploaded media may contain sensitive visual, audio, or metadata content, lack of clear disclosure can lead to unintended privacy exposure and uninformed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal