Expanso text-summarize

Security checks across malware telemetry and agentic risk

Overview

The skill does summarize text as described, but its MCP server listens on all network interfaces and can use the user's OpenAI key without any visible authentication.

Review before installing. Use the OpenAI backend only for text you are comfortable sending to OpenAI and paying for with your API key. If you use MCP mode, bind it to localhost or add access controls, avoid leaving it running unnecessarily, and prefer the Ollama option for local-only summarization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Low
Confidence
81% confidence
Finding
The comment states the key is "never transmitted to Expanso Cloud or logged anywhere," which is an absolute claim about logging behavior. Later, the pipeline uses a log processor to write audit information to expanso-edge logs, so the documentation's "logged anywhere" wording is inaccurate in context, even though the specific log message shown does not include the API key itself.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This markdown file describes privacy benefits and says API keys stay local, but the default path still sends the user's text to the OpenAI API. Although the diagram later notes that OpenAI receives the text, there is no prominent user warning near the summary or quick-start instructions that user-provided content leaves the local machine when using the OpenAI backend.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This manifest sends stdin content to OpenAI via the `openai_chat_completion` processor, which is a network operation involving user data. While the header explains API-key handling and says the AI service sees the text, it does not clearly warn users in the usage or behavior description that piped input is transmitted to a third-party model provider.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This manifest configures an HTTP-accessible summarization endpoint and sends the submitted text to OpenAI via `openai_chat_completion`. While the comments mention that the API key stays local, they do not clearly warn that user-supplied text is transmitted to an external provider, which is a privacy-relevant behavior for a manifest file.

External Transmission

Medium
Category
Data Exfiltration
Content
# Start the skill server
PORT=8080 expanso-edge run pipeline-mcp.yaml &

# Call from curl (or OpenClaw MCP)
curl -X POST http://localhost:8080/summarize \
  -H "Content-Type: application/json" \
  -d '{"text": "Your long article or document text here..."}'
Confidence
60% confidence
Finding
Matched text: the comment `Call from curl (or OpenClaw MCP)` and the command `curl -X POST http://localhost:8080/summarize -H "Content-Type: application/json" -d`

External Transmission

Medium
Category
Data Exfiltration
Content
For MCP mode, make sure you're sending JSON with a `text` field:

```bash
curl -X POST http://localhost:8080/summarize \
  -H "Content-Type: application/json" \
  -d '{"text": "Your text here"}'
```
Confidence
60% confidence
Finding
Matched text: `curl -X POST http://localhost:8080/summarize -H "Content-Type: application/json" -d`

External Transmission

Medium
Category
Data Exfiltration
Content
#   # Start the server
#   PORT=8080 expanso-edge run pipeline-mcp.yaml
#
#   # Call from curl
#   curl -X POST http://localhost:8080/summarize \
#     -H "Content-Type: application/json" \
#     -d '{"text": "Your long text here..."}'
Confidence
60% confidence
Finding
Matched text (from the commented-out example in the manifest): `curl -X POST http://localhost:8080/summarize -H "Content-Type: application/json" -d`

VirusTotal

66/66 vendors flagged this skill as clean.