Back to skill

Security audit

skill-0415-05-zip自测过来

Security checks across malware telemetry and agentic risk

Overview

This is a coherent summarization skill, with the main caveat that submitted URLs, files, or media may be processed by external providers.

Install only if you trust the summarize Homebrew package and the model or extraction providers you configure. Avoid submitting confidential files, private URLs, secrets, or regulated data unless you are comfortable with those providers processing the content; leave optional Firecrawl and Apify fallbacks disabled unless you intentionally want them used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly supports summarizing URLs, local files, and YouTube content using third-party model providers, and also documents fallback services such as Firecrawl and Apify. Without a clear warning to users that submitted content may be transmitted to external services, users may unintentionally expose sensitive local documents, private URLs, or regulated data to outside providers.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.