summarizer2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent summarization helper, but users should understand that summarized files or URLs may be sent to configured AI and extraction services.

Install only if you trust the Homebrew package that provides the summarize binary. Use only the API keys you intend to spend from, and avoid summarizing confidential local files, private URLs, or proprietary media unless you are comfortable with the selected model provider or extraction service processing that content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs users to summarize URLs, local files, PDFs, images, audio, and YouTube content using external model providers and optional extraction services, but it does not warn that the referenced content may be transmitted to third-party APIs. This creates a real privacy and data-handling risk because users may unknowingly send sensitive local documents or proprietary web content to OpenAI, Anthropic, Google, xAI, Firecrawl, or Apify.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal