Back to skill

Security audit

test-0313-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward wrapper for a summarization CLI, with expected use of external model and extraction services when the user chooses to summarize URLs or files.

Install only if you trust the Homebrew tap and the summarize CLI. Avoid passing secrets, regulated data, confidential documents, or private URLs unless you are comfortable with the configured model provider or fallback service receiving that content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill encourages summarizing URLs, local files, PDFs, images, audio, and YouTube content via third-party model providers and fallback services, but it does not warn users that the content and related metadata may be transmitted off-host to external APIs. This can lead to unintentional disclosure of sensitive local documents, private URLs, transcripts, or embedded metadata, especially because the skill explicitly supports local files and optional external services such as Google, OpenAI, Anthropic, Firecrawl, and Apify.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.