tencentcli-test

Security checks across malware telemetry and agentic risk

Overview

This is a coherent summarization helper, but users should remember that summarized files, URLs, and media may be sent to external providers.

Install only if you trust the external Homebrew tap and the summarize CLI. Avoid summarizing secrets, private URLs, confidential documents, or regulated data unless you are comfortable with the selected model and extraction providers processing that content; use limited API keys where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill encourages summarizing URLs and local files using third-party model providers and optional external services, but it does not warn users that the contents of those URLs/files may be transmitted off-host. This creates a real data exposure risk because users may submit sensitive local documents or private URLs under the assumption the processing is local or opaque.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal