School Program Video

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video-editing workflow, but school footage may be sensitive and should only be uploaded with proper permission.

Install only if you are allowed to send the relevant videos and edit prompts to NemoVideo. Do not upload student-identifying, confidential, or consent-restricted footage unless the provider's terms and your school or organization policy allow it, and keep NEMO_TOKEN private because it controls credits and render sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill encourages users to drop raw footage and editing instructions but does not prominently warn that both media and prompts are transmitted to a third-party remote backend for processing. In a school-program context, uploads may contain minors, classroom scenes, names, voices, or other sensitive educational data, so insufficient disclosure increases privacy, consent, and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal