skill-ts

Security checks across malware telemetry and agentic risk

Overview

This is a coherent CLI helper for summarizing user-chosen URLs and files, with external provider privacy considerations but no evidence of hidden or unsafe behavior.

Install only if you trust the external summarize CLI and its Homebrew tap. Use only the provider keys you intend to expose, monitor paid API usage, and avoid summarizing confidential files or private URLs unless you are comfortable sending that content to the configured model or extraction services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly supports summarizing URLs, local files, and YouTube content using third-party model providers and optional fallback services, but it does not warn users that submitted content may be transmitted off-host. This creates a real privacy and data-handling risk because users may pass sensitive documents or private links assuming processing is local, when the content could be sent to external APIs such as OpenAI, Anthropic, Google, Firecrawl, or Apify.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal