Back to skill

Security audit

NEXUS Summarize

Security checks across malware telemetry and agentic risk

Overview

This appears to be a document summarizer, but it sends content to a paid remote service and introduces payment-proof handling that users should review first.

Install only if you trust the remote summarization provider, understand what document text will be sent off-platform, and are comfortable configuring any payment-proof value. Avoid using it on confidential, regulated, credential-containing, or proprietary documents unless the provider's privacy and billing terms are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill claims to perform simple document summarization, yet it requires a payment-proof environment variable and embeds multi-protocol blockchain payment flows unrelated to the core summarization function. This creates unnecessary access to financial/payment credentials and expands the attack surface, increasing the risk of secret misuse, unintended payments, or user confusion about what the skill actually does.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest presents the skill as a straightforward summarizer, but most of the file is dedicated to remote-service usage, payment workflows, settlement protocols, and trust messaging. This mismatch is security-relevant because users and agents may authorize the skill under false assumptions, leading to unanticipated data exfiltration to a third party and unexpected financial operations.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The README states the skill is 'automatically invoked' when a matching task is detected, but does not define the trigger conditions or boundaries. In an agent environment, vague auto-invocation criteria can cause the skill to run on unintended inputs, increasing the chance that sensitive documents are sent to the remote service without informed user intent.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README provides usage instructions that send document content to a third-party endpoint but does not clearly warn users that their text leaves the local environment. This creates a real confidentiality risk because users may submit proprietary, regulated, or personal data to a remote service without realizing it.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.