Ai Video Editor Kannada

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-editing skill, but users should understand that media, prompts, tokens, and render state are handled by NemoVideo’s backend.

Install only if you are comfortable sending selected media files, editing prompts, and project metadata to NemoVideo’s cloud API. Keep NEMO_TOKEN private, avoid private or regulated footage unless you trust the provider’s data handling, and ask the agent to confirm before uploads, exports, or credit-consuming renders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 83%
Finding
The skill’s documented capabilities extend well beyond the narrow manifest claim of Kannada-captioned video editing, including generic editing flows, audio manipulation, text overlays, and handling of non-video assets. This mismatch increases the chance of overbroad invocation, unexpected data handling, and user misunderstanding about what the skill may upload or process on the backend.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill instructs the agent to obtain anonymous access tokens and manage credits/subscription-related backend state, which expands behavior from content editing into account and billing workflows. That creates unnecessary authority for a media-editing skill and can lead to opaque third-party account creation, token use, and backend access without clear user consent.

Vague Triggers

Medium
Confidence: 76%
Finding
The suggested trigger language is broad enough to match ordinary conversation about editing or exporting, which can cause unintended activation of a networked skill. In this context, accidental activation is more concerning because the skill uploads user media and creates remote sessions, so a vague prompt can lead to unexpected data transfer.

Vague Triggers

Medium
Confidence: 92%
Finding
The catch-all rule routes nearly all unmatched requests into the SSE editing path, creating an overbroad execution surface. Because this path can trigger remote processing and stateful backend operations, weak routing specificity raises the risk of processing unrelated prompts or sensitive content without clear user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill description does not clearly warn users that uploaded videos and editing prompts are transmitted to a cloud backend for processing. Since videos often contain sensitive personal, biometric, or location information, lack of disclosure undermines informed consent and increases privacy risk.

Missing User Warnings

Medium
Confidence: 90%
Finding
The metadata indicates use of an environment token and a local configuration path, but the skill does not provide a clear warning that it may rely on locally available credentials or config-derived access. Even if the file only declares requirements, hidden credential use in a skill materially affects trust and should be disclosed to the user.

VirusTotal

63/63 vendors flagged this skill as clean.
