ClawHub

Dizest Summarize

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Dizest summarization integration that sends user-chosen content to Dizest’s API using a user-provided API key.

Install only if you are comfortable sending the content you ask it to summarize to Dizest. Keep DIZEST_API_KEY in an environment variable, do not paste the key into prompts or logs, and avoid submitting secrets, regulated data, or confidential documents unless Dizest’s privacy and retention practices are acceptable for your use case.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The README suggests invoking the skill with very generic requests like 'Summarize https://example.com/article' and 'Summarize this research paper', which can overlap with ordinary user intents that do not explicitly name this skill. In agent ecosystems that rely on natural-language matching, this broad trigger surface can cause unintended tool selection, sending arbitrary user-provided content or sensitive documents to a third-party API without clear user awareness.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to send arbitrary user-provided content to a third-party API but does not require explicit user notice or consent about external transmission. This can lead to inadvertent disclosure of sensitive text, documents, URLs, or embedded credentials to an external service, especially because the skill encourages forwarding content exactly as provided.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal