My Summarize

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward summarization skill, but users should understand it relies on an external CLI and may send summarized content to AI or extraction services.

Install only if you trust the summarize Homebrew tap and the model or extraction providers you configure. Use dedicated or restricted API keys where possible, disable optional Firecrawl or Apify fallbacks when not needed, and avoid summarizing secrets, regulated documents, or private URLs unless you approve sending that content to the selected services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly supports summarizing URLs, local files, YouTube links, and optional fallback services, but it does not clearly warn users that submitted content may be transmitted to third-party model providers or services such as Firecrawl and Apify. This creates a real data exposure risk because users may provide sensitive local documents or private URLs under the assumption processing is local or confined to the agent environment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal