smart summarizer

Security checks across malware telemetry and agentic risk

Overview

This summarizer is useful and not malicious, but it automatically saves every summary locally without clear opt-in or retention controls.

Install only if you are comfortable with summaries being saved under ~/.openclaw/summaries. Avoid using it for confidential documents, secrets, regulated data, or sensitive business material unless you are prepared to inspect and delete the archive yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (5)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The skill expands from transient summarization into persistent storage and retrospective search, which materially changes its data-handling behavior. That creates privacy and scope-creep risk because user-provided links, pasted text, and derived summaries may be retained locally without explicit consent or clear disclosure in the top-level description.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The documented behavior includes writing summaries to disk, but the manifest presents the skill as a summarization-only tool. This mismatch can mislead users and downstream systems about the skill's capabilities, preventing informed consent and increasing the chance that sensitive content is stored unexpectedly.

Vague Triggers

High

Confidence: 88% confidence
Finding: The trigger logic is very broad, including generic phrases like 'summarize' and automatic activation whenever a URL is shared without comment. This can cause unintended invocation on sensitive or unrelated content, increasing the chance of fetching external resources or storing derived data when the user did not intend to use the skill.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs automatic archive saving but does not provide a clear warning that summaries will be written persistently to local storage. This undermines user awareness and consent, especially when summaries may contain sensitive information copied from private documents, PDFs, or pasted text.

Ssd 3

Medium

Confidence: 96% confidence
Finding: Automatic archival of every summary creates a durable natural-language record of potentially sensitive user content, including pasted text, PDFs, and fetched pages. Even if the archive is local, it becomes a secondary data store that can expose confidential information through later compromise, backup leakage, shared accounts, or unintended search results.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal