Back to skill

Security audit

Summarize All

Security checks across malware telemetry and agentic risk

Overview

This summarizer is mostly coherent, but its optional API server exposes high-impact unauthenticated access and arbitrary webhook forwarding.

Install only if you are comfortable sending summarized content to your configured AI provider and storing summaries locally. Avoid running server mode on shared or untrusted networks unless you add access controls, bind it locally, and restrict or disable webhook forwarding.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def merge_pdfs(pdf_paths, output_path):
    """Merge multiple PDFs into one"""
    try:
        result = subprocess.run(
            ['pdftk'] + pdf_paths + ['cat', 'output', output_path],
            capture_output=True, timeout=60
        )
Confidence
80% confidence
Finding
result = subprocess.run( ['pdftk'] + pdf_paths + ['cat', 'output', output_path], capture_output=True, timeout=60 )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def fetch_pdf(path):
    try:
        result = subprocess.run(['pdftotext', '-layout', path, '-'], capture_output=True, text=True, timeout=30)
        return result.stdout[:15000] if result.stdout else "[No text]"
    except:
        return "[pdftotext not found]"
Confidence
82% confidence
Finding
result = subprocess.run(['pdftotext', '-layout', path, '-'], capture_output=True, text=True, timeout=30)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def fetch_youtube(url):
    try:
        result = subprocess.run(['summarize', url, '--extract-only'], capture_output=True, text=True, timeout=30)
        return result.stdout[:15000] if result.stdout else "[No transcript]"
    except:
        return "[summarize CLI not found]"
Confidence
86% confidence
Finding
result = subprocess.run(['summarize', url, '--extract-only'], capture_output=True, text=True, timeout=30)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def fetch_audio(path):
    try:
        result = subprocess.run(['summarize', path, '--extract-only'], capture_output=True, text=True, timeout=60)
        return result.stdout[:15000] if result.stdout else "[Transcription failed]"
    except:
        return "[summarize CLI not found]"
Confidence
84% confidence
Finding
result = subprocess.run(['summarize', path, '--extract-only'], capture_output=True, text=True, timeout=60)

Tainted flow: 'req' from urllib.request.urlopen (line 846, network input) → urllib.request.urlopen (network output)

Medium
Category
Data Flow
Content
headers={'Content-Type': 'application/json'},
                            method='POST'
                        )
                        urllib.request.urlopen(req, timeout=10)
                    except:
                        pass
Confidence
97% confidence
Finding
urllib.request.urlopen(req, timeout=10)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The tool sends fetched remote content and local file contents to a configured external LLM endpoint without any visible user warning at the point of use. In a summarizer that accepts arbitrary local files, this can unintentionally exfiltrate sensitive data to third-party services.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The embedded server forwards summarization results to arbitrary webhook destinations with no confirmation or policy checks. This creates both SSRF risk and unauthorized data exfiltration, since summaries derived from local files or fetched content can be pushed to attacker-controlled endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.