Vn Video Editor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud video-editing skill, but it sends selected media and editing prompts to NemoVideo for online processing.

Install only if you are comfortable sending chosen videos, audio, images, and edit instructions to NemoVideo's cloud API. Keep NEMO_TOKEN private, avoid highly sensitive footage unless you trust the provider's retention practices, and ask the agent to confirm before uploads or exports when working with private or paid-account media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The suggested invocations are very generic phrases like "edit my raw video clips" and "export 1080p MP4," which are likely to overlap with ordinary user requests. This can cause accidental activation or unintended routing of user intent into the skill, especially in multi-skill environments where the user did not explicitly choose this tool.

Vague Triggers

Medium
Confidence: 96%
Finding
The fallback rule routes essentially all unmatched requests ("Everything else") into the SSE editing action, creating an overly broad catch-all. This increases the risk of misrouting benign conversation or unrelated requests into external API calls and session operations, which is especially risky because the skill automatically initializes sessions and can consume credits or process user media.

VirusTotal

65/65 vendors flagged this skill as clean.
