Li Summarize

Security checks across malware telemetry and agentic risk

Overview

This is a coherent summarization helper for OpenAI-compatible providers, with expected privacy and credential-handling considerations but no evidence of hidden or destructive behavior.

Install only if you trust the npm package and the model provider endpoint you configure. Avoid using sensitive documents, private URLs, or regulated data unless that provider is approved for that content, and review ~/.summarize/config.json because it may store your API key and default settings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill advertises summarizing URLs, YouTube links, and local files via third-party OpenAI-compatible endpoints, but it does not clearly warn users that fetched or uploaded content will be transmitted to the configured remote provider. This creates a real privacy and data-handling risk because users may submit sensitive local documents or private URLs under the assumption processing is local or opaque.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal