Maker Free Credits

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video-creation workflow, with the main caution that prompts and media may be sent to NemoVideo for processing.

Use this only for media you are comfortable sending to NemoVideo's cloud service. Ask the agent to confirm before connecting, uploading files, sending ambiguous edit prompts, or exporting, and avoid private, regulated, or proprietary footage unless you have approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The routing table includes a broad catch-all rule that sends 'everything else' to the SSE action, meaning many ordinary messages could trigger backend operations with the user's token and session. In this skill, SSE is the main path for remote edits and cloud-side actions, so ambiguous routing increases the risk of unintended remote processing, quota consumption, or sending sensitive user text to the third-party backend.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal