test-summary

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a coherent summarization skill, but users should note that it installs an external CLI and may use provider API keys to process URLs or user-selected files.

This skill appears purpose-aligned and user-directed. Before installing, verify the external Homebrew package and publisher, use limited-scope API keys where possible, and avoid sending sensitive documents to providers unless their privacy terms are acceptable.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may install and run a third-party CLI outside the reviewed artifact contents.

Why it was flagged

The skill depends on installing an external Homebrew formula rather than code included in the artifact set. This is normal for a CLI-wrapper skill, but users are trusting that external package source.

Skill content

brew | formula: steipete/tap/summarize | creates binaries: summarize

Recommendation

Review the Homebrew formula and the summarize CLI source or publisher before installing, especially if using it with private files or API keys.

What this means

The package identity information is inconsistent, which can make provenance harder to verify.

Why it was flagged

The embedded metadata does not match the supplied registry metadata, which lists a different owner ID, slug, and version. This is a packaging/provenance inconsistency to notice, but the functional instructions still align with the stated summarization purpose.

Skill content

"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "summarize", "version": "1.0.0"

Recommendation

Confirm the intended package identity and publisher before trusting the installed CLI.

What this means

If configured, the CLI can make requests billed or authorized under the user's model-provider account.

Why it was flagged

The skill may use model-provider credentials. This is expected for a model-backed summarizer, but those credentials grant access to the user's provider account.

Skill content

Set the API key for your chosen provider:
- OpenAI: `OPENAI_API_KEY`
- Anthropic: `ANTHROPIC_API_KEY`
- xAI: `XAI_API_KEY`
- Google: `GEMINI_API_KEY`

Recommendation

Use provider keys with appropriate limits and avoid sharing keys in command history, logs, or chat transcripts.

What this means

Private documents or media supplied to the CLI may be sent to external model or extraction providers for summarization.

Why it was flagged

The skill is designed to summarize user-selected local files through a configured model provider. That is purpose-aligned, but users should treat selected documents as content that may be processed by external services.

Skill content

summarize "/path/to/file.pdf" --model google/gemini-3-flash-preview

Recommendation

Only summarize files and URLs that you are comfortable processing with the selected provider, and review the provider's privacy and retention settings.