Image To Video Llm

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate cloud video-generation helper, but it should be reviewed because it broadly routes ambiguous chat and user media to an external NemoVideo service without clear consent boundaries.

Install only if you are comfortable with NemoVideo receiving your media, prompts, and editing session data. Avoid private, regulated, or proprietary media unless you trust that service's privacy and retention practices, and prefer an explicit NEMO_TOKEN over automatic anonymous-token setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as a simple still-image-to-video tool, but the documented endpoints and workflows enable broader media editing, uploads, timeline manipulation, audio handling, and rendering. This scope mismatch can mislead users and host agents about what data and capabilities are actually exercised, increasing the risk of unintended file handling and over-privileged invocation.

Vague Triggers

Medium
Confidence: 89%
Finding
The invitation text is broad enough that ordinary conversational requests about images could trigger the skill without clear user intent to upload files or contact a third-party API. In this skill's context, accidental activation is more dangerous because first interaction explicitly initiates remote setup and token/session creation before other actions.

Vague Triggers

Medium
Confidence: 92%
Finding
Example phrases like 'convert my still images' and especially truncated wording such as 'turn this image into a 5-second' are too vague to reliably distinguish intentional skill use from normal conversation. This raises the chance of unintended routing into a workflow that uploads media and establishes remote sessions.

Vague Triggers

Medium
Confidence: 97%
Finding
The fallback rule routes 'Everything else' to the SSE backend, which is overly broad and effectively turns most unmatched conversation into remote processing requests. Because the SSE path can send arbitrary user messages to an external service and maintain session state, this creates a significant risk of accidental data disclosure and unintended third-party interaction.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill encourages users to share images and states it will handle cloud processing, but it does not provide a clear privacy warning that files, prompts, and session metadata are transmitted to a remote API. In a media-processing skill, this omission undermines informed consent and can expose sensitive personal or proprietary content to third-party services.

VirusTotal

65/65 vendors flagged this skill as clean.
