Back to skill

Security audit

Web Summarizer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches a user-provided web page and creates a local summary, with normal caution for outbound URL fetching.

Install only if you are comfortable with the skill making outbound requests to URLs you or your agent provide. Use it for public web pages, avoid localhost, private network, cloud metadata, or sensitive URLs, and do not rely on the robots.txt claim unless the script is updated to enforce it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises shell-based execution (`bash scripts/summarize.sh ...`) and mentions using `web_fetch` or `curl`, but it does not declare any permissions. This creates a transparency and policy gap: consumers may invoke a skill with network and shell capabilities they were not warned about, increasing the risk of SSRF, unsafe URL fetching, or broader command misuse in downstream implementations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script performs a network request to an arbitrary user-supplied URL without any warning, consent flow, or restriction on destinations. In an agent context, this can leak internal network reachability, trigger requests to sensitive endpoints, or disclose browsing/request metadata to third parties, making the lack of transparency and controls security-relevant rather than merely UX-related.

External Script Fetching

High
Category
Supply Chain
Content
echo ""

# Fetch content
CONTENT=$(curl -s --max-time 15 -L \
    -A "Mozilla/5.0 (compatible; AI-Agent/1.0)" \
    "$URL" 2>/dev/null)
Confidence
96% confidence
Finding
curl -s --max-time 15 -L \ -A "Mozilla/5.0 (compatible; AI-Agent/1.0)" \ "$URL" 2>/dev/null) if [ -z "$CONTENT" ]; then echo "❌ Failed to fetch content" exit 1 fi # Extract title TIT

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.