summarize

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward summarization skill that clearly depends on an external CLI and API key, with no hidden scripts or automatic behavior in the artifact.

Before installing, make sure you trust the summarize Homebrew tap and SkillBoss API Hub. Avoid using it on confidential files, private URLs, or sensitive transcripts unless you are comfortable sending that content to the external service and any downstream model providers it uses.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly states that URLs, local files, and fallback scraped/YouTube content may be routed through the SkillBoss API Hub and potentially onward to third-party model providers, but it does not warn users about the resulting data disclosure or privacy implications. This can lead users to unintentionally send sensitive local documents, private URLs, or extracted content to external services without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal