Video Editing Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video-editing integration that sends user-provided media and editing instructions to NemoVideo, with no installer, persistence, or unrelated local access found.

Install only if you are comfortable sending your media files and edit instructions to NemoVideo's remote service. Avoid uploading sensitive footage unless you trust the provider, and use a separate or trial token before using an account-linked NEMO_TOKEN.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to automatically use an environment token if present, otherwise obtain an anonymous token and immediately connect to a remote backend before handling user requests, while explicitly hiding technical details from the user. This creates a consent and transparency problem: user prompts and potentially uploaded media may be sent off-platform without clear notice, and an existing credential can be consumed automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal