Video Producer Online

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-editing skill, but users should be aware it sends selected media, URLs, and editing prompts to NemoVideo’s backend.

Install only if you are comfortable with NemoVideo receiving your selected files, media URLs, editing prompts, render requests, and generated outputs. Avoid confidential, regulated, or highly personal footage unless you trust that provider, and keep NEMO_TOKEN private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding:
Allowing uploads from arbitrary remote URLs gives the backend a network-fetch primitive that can be abused to retrieve attacker-chosen resources, including internal-only or sensitive endpoints if the service is not strictly isolated. In a skill context, this exceeds the narrowly described local media upload behavior and creates SSRF-style risk and unintended data ingestion paths.

Vague Triggers

Medium
Confidence: 81%
Finding:
The trigger examples are broad enough that ordinary conversational phrases could invoke the skill unexpectedly, increasing the chance that users send media-processing commands or files to a third-party backend without clear intent. Because this skill performs cloud-backed processing and authentication setup, accidental invocation has privacy and consent implications beyond mere UX confusion.

Vague Triggers

Medium
Confidence: 87%
Finding:
The catch-all route of 'Everything else' to the SSE editing action is overly permissive and can cause unrelated user text to be forwarded to the remote backend. In this skill, that means broad unintended data disclosure and backend-side actioning based on ambiguous prompts, which is riskier than a local no-op misroute.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill instructs automatic connection to the backend on first open and describes cloud processing, but does not require a clear, informed disclosure and consent step before transmitting data or obtaining tokens. Automatic backend initialization combined with media upload/processing can expose user content, metadata, and session information to a third party without sufficiently explicit notice.

VirusTotal

66/66 vendors flagged this skill as clean.
