Video Classifier

Security checks across malware telemetry and agentic risk

Overview

This skill is for bulk tagging videos in a live staff backend, but it can make many record changes without a required preview or final confirmation.

Install only if you trust the operator and this exact staff backend workflow. Before use, require a preview of the tag, filters, target environment, and number of videos to be changed, then explicitly approve the write action; keep batches small and make sure there is an audit or rollback path.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The description contains broad trigger phrases like classifying, tagging, and batch categorizing videos without tight scoping or eligibility checks. This can cause the skill to activate for loosely related requests and then perform backend-changing actions on the wrong content set.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill instructs autonomous bulk browser actions that change backend records by selecting all matching videos and applying tags, but it provides no warning, dry-run, or explicit user confirmation before submission. In a production admin interface, this creates a serious risk of mass misclassification or unauthorized data modification if filters are wrong, the page state changes, or the invocation is ambiguous.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal