Best Video Maker Free App

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only cloud video-editing skill that clearly sends uploaded clips and edit prompts to NemoVideo for remote rendering.

Install only if you are comfortable sending video clips, media URLs, edit prompts, and render session data to NemoVideo's cloud API. Avoid uploading private or sensitive footage unless you trust that provider, keep NEMO_TOKEN private, and confirm export/pricing limits before relying on the 'free' workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The routing rule sends 'everything else' to the SSE action, creating an overly broad catch-all that can cause unrelated user requests or ambiguous prompts to be forwarded to the remote backend. In a skill that uploads media and performs cloud-side processing, this increases the chance of unintended external actions, privacy exposure, and confusion about what data or commands are being sent off-device.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill description does not prominently warn users that uploaded videos are sent to a third-party cloud backend for processing, even though the later content states all rendering happens server-side. This is a privacy and transparency issue because users may submit sensitive personal media without understanding that their files, metadata, and editing instructions leave the local environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal