Back to skill

Security audit

Summarize Jarvis

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward wrapper for a summarization CLI, with privacy considerations because user-provided files and URLs may be processed by external AI or extraction services.

Before installing, make sure you trust the summarize CLI from the Homebrew tap. Avoid sending confidential documents, private URLs, secrets, or regulated data unless you are comfortable with the configured model provider and optional extraction services receiving that content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is broad enough that it could be invoked for many generic 'summarize this' requests without clear boundaries or user confirmation. Because the skill can summarize URLs, local files, and YouTube content via external services, over-broad triggering increases the chance of unintended data access or transmission beyond what the user expected.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation states that URLs, local files, images, audio, PDFs, and YouTube links can be summarized using external model providers and optional fallback services, but it does not warn users that their content may be sent to third parties. This creates a significant privacy and data-handling risk, especially for sensitive local files or restricted web content, because users may unknowingly disclose confidential information to external APIs.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.