Ai Image To Video Io

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud image-to-video workflow, with the main caution that user media, prompts, URLs, and render state are sent to NemoVideo for processing.

Install only if you are comfortable sending selected images/media, prompts, and any supplied media URLs to NemoVideo's cloud service. Avoid sensitive or confidential content unless NemoVideo's terms, retention, and privacy handling are acceptable, and confirm ambiguous edit requests before allowing the skill to submit them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch
Severity: Medium
Confidence: 93%
Finding: The manifest and top-level description present a narrow image-to-video tool, but the body documents a substantially broader cloud media-editing pipeline with timeline inspection, audio/text manipulation, credits checks, and multi-format export. This mismatch can mislead users and host agents about the skill's true capabilities, increasing the chance of unintended data sharing, overbroad invocation, and abuse of features outside the advertised scope.

Context-Inappropriate Capability
Severity: Medium
Confidence: 89%
Finding: Allowing uploads by arbitrary remote URL expands the skill from user-supplied local media processing into remote resource fetching, which is not necessary for the stated purpose. In an agent context, this can be abused to cause unexpected outbound requests, pull sensitive or internal URLs if not constrained server-side, or process third-party content without clear user intent.

Vague Triggers
Severity: Medium
Confidence: 91%
Finding: The routing table sends 'Everything else' to the SSE generation/edit path, which is an overly broad default for a skill that can trigger remote processing and stateful edits. This raises the risk that unrelated or ambiguous user messages are interpreted as commands, causing unintended cloud actions, prompt leakage to the backend, or modifications to session state.

Vague Triggers
Severity: Medium
Confidence: 84%
Finding: The example invocations use broad natural-language phrases that overlap with ordinary conversation, making accidental activation or misrouting more likely in multi-skill environments. While not inherently malicious, broad trigger phrasing can cause users' unrelated text or media to be sent to this cloud service without sufficiently clear intent.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill asks users to upload images and provide prompts, but does not clearly warn at the point of use that both are transmitted to a third-party cloud backend for processing. This undermines informed consent and can expose personal, proprietary, or sensitive content to remote services unexpectedly.

Missing User Warnings
Severity: Low
Confidence: 80%
Finding: The documentation notes that session tokens carry render job IDs and that unfinished jobs may persist remotely, but it does not surface this as a user-facing warning in the skill description or setup flow. Users may reasonably assume closing the session stops processing, when in fact remote state and queued jobs can remain active.

VirusTotal

66/66 vendors flagged this skill as clean.