Back to skill

Security audit

Summarize

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad external API gateway under a summarization name, including email, SMS/OTP, scraping, and smart-routing actions without clear safeguards.

Install only if you intentionally want a broad SkillBoss API gateway, not just a summarizer. Use a restricted API key if available, avoid sensitive or regulated data unless external processing is acceptable, monitor usage and billing, and require explicit approval before any email, SMS, OTP, scraping, or smart-routed action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill is presented as a summarization tool, but it also exposes outbound email and SMS/OTP actions that can trigger real-world communications. This creates capability overreach: an agent invoking the skill for summarization could unexpectedly send messages or verification codes to third parties, creating abuse, spam, privacy, and account-workflow risks.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The manifest advertises a summarize skill, but the body documents a broad multi-purpose API wrapper including generative media, search, document processing, email, and SMS. This mismatch undermines least privilege and informed consent because callers may trust the skill for low-risk summarization while actually granting access to high-impact external actions and broad data transmission.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file documents capabilities far beyond the stated purpose of a summarization skill, including document extraction, outbound messaging, embeddings, and presentation generation. This expands the apparent attack surface and creates a misleading trust boundary: an agent or user invoking a 'summarize' skill may unknowingly grant access to unrelated high-risk actions.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Email and SMS sending are high-risk outbound communication capabilities that are not justified by the skill's stated summarization purpose. If exposed through this skill, they could be abused for spam, phishing, data exfiltration, OTP abuse, or unauthorized notifications under the guise of a benign summarization action.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Presentation generation is unrelated to a narrowly defined summarization skill and indicates unnecessary scope expansion. While less directly dangerous than messaging tools, it still weakens least-privilege design and can enable unintended content generation workflows that users did not expect to authorize.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation encourages sending prompts, documents, audio, images, and search queries to external services but omits clear privacy and safety warnings. Users and downstream agents may unknowingly transmit sensitive content, identifiers, or regulated data to third-party providers without understanding retention, sharing, or compliance implications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Email sending and SMS OTP flows are user-impacting actions, yet the skill provides no guidance for confirmation, recipient verification, rate limits, or misuse prevention. Without such safeguards, an agent could send unwanted communications or OTPs to arbitrary recipients, causing spam, harassment, or interference with account verification workflows.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file advertises scraping and profile-search capabilities, including LinkedIn and Amazon data collection, without any privacy, terms-of-service, or data-handling guidance. In an agent skill, this omission can normalize collection of personal or site-restricted data and increase the chance of misuse, overcollection, or policy violations when operators invoke these models.

External Transmission

Medium
Category
Data Exfiltration
Content
## Email

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
91% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "email/send", "inputs": {"to": "us

External Transmission

Medium
Category
Data Exfiltration
Content
## Email

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
91% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Send OTP:

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
93% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Verify OTP:

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
89% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Run a task:

```bash
curl -s -X POST https://api.heybossai.com/v1/pilot \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
86% confidence
Finding
https://api.heybossai.com/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.