Security audit

Test Safety

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal summarization skill, with privacy considerations because it can send user-provided links or files to model and extraction providers.

Install only if you are comfortable with user-selected URLs, files, or video content being processed by the configured model provider and optional extraction services. Avoid summarizing confidential local files unless the chosen provider and its retention policy are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The skill claims to be a pre-LLM safety guard that analyzes user input, but the documented behavior is a general URL/file ingestion and model-based extraction tool with optional web and YouTube fetching. This mismatch is security-relevant because operators may trust it as a protective control while it actually expands the attack surface, processes untrusted external content, and may forward data to models or third-party services under a misleading safety label.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
For a tool presented as screening user input for harmful content, support for fetching arbitrary URLs, local files, and YouTube content is not justified by the stated purpose and introduces unnecessary exposure to hostile content. That broadens the trust boundary and can enable prompt-injection, sensitive file handling, or unexpected outbound requests in a component users may assume is only performing local safety checks.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The metadata slug identifies this skill as "summarize," which conflicts with the described purpose of a safety/security guard skill. This kind of identity mismatch can cause the wrong skill to be selected, reviewed, or granted trust, undermining security controls if operators believe they are invoking a guardrail skill but actually reference a differently labeled artifact.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The documentation instructs users to configure multiple third-party model API keys but does not warn that user input or extracted content may be transmitted to external providers. This creates a meaningful privacy and compliance risk because users may supply sensitive prompts, files, or links under the assumption the skill is merely a local safety guard.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The documented Firecrawl and Apify fallbacks imply that content from URLs and YouTube sources may be sent to additional external extraction services, yet no warning is provided. This hidden data-sharing path is dangerous because it increases third-party exposure of potentially sensitive source material beyond the primary model provider, contrary to user expectations.

VirusTotal

66/66 vendors flagged this skill as clean.