Percept Summarize

Security checks across malware telemetry and agentic risk

Overview

This skill clearly describes a conversation-summary workflow, but users should understand it processes and stores sensitive conversation data.

Install only if you are comfortable with conversation transcripts being processed by OpenClaw and conversation-derived records being stored locally. Before enabling it, confirm how percept-listen obtains consent, whether your OpenClaw setup sends prompts to a remote model, who can access the dashboard and SQLite data, and how to delete retained summaries, relationships, and speaker profiles.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly states that speaker-tagged conversation transcripts are sent to an external OpenClaw agent for AI summarization, but it does not warn users that potentially sensitive conversation content leaves the local summarization component. This creates a real privacy and data-handling risk because users may reasonably assume summaries are generated locally, especially since the skill also emphasizes local storage and searchability.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal