Clw Summarize

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward wrapper for a summarization CLI, with expected use of AI provider keys and optional extraction services, but users should treat submitted files and URLs as potentially shared with external providers.

Install only if you are comfortable using the third-party Homebrew formula and sending chosen inputs to the configured AI or extraction providers. Do not summarize confidential, regulated, or sensitive local files or private URLs unless those providers are approved for that data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly supports summarizing URLs, local files, YouTube links, and fallback services such as Firecrawl and Apify, but it does not warn users that submitted content may be transmitted to third-party AI and extraction providers. This creates a real privacy and data-handling risk because users may unknowingly send sensitive document contents, media, or browsing targets to external services outside the local environment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal