Summarize Backup
v1.0.0Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube).
⭐ 0· 53·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, required binary ('summarize'), and the brew install (steipete/tap/summarize) all align with a CLI-focused summarization tool. Required binaries and declared install match the stated purpose.
Instruction Scope
SKILL.md limits runtime actions to invoking the summarize CLI on URLs or local files and documents optional env vars and a config file (~/.summarize/config.json). It does not instruct the agent to read unrelated system files or exfiltrate data, but it does reference a home-directory config path and several optional API tokens that are not listed in the registry's required-env or required-config fields (these appear to be optional rather than required).
Install Mechanism
Install uses a Homebrew formula (steipete/tap/summarize). Brew installs are normal for CLIs, but this is a third-party tap rather than a core/homebrew formula — verify the tap and formula source before installing to ensure the binary is legitimate.
Credentials
SKILL.md documents multiple provider API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, XAI_API_KEY, GEMINI_API_KEY) plus optional FIRECRAWL_API_KEY and APIFY_API_TOKEN. Requesting multiple provider keys is expected for a tool that can use different LLM providers and optional extraction services; no unrelated secrets or excessive credential requests are present, and the registry declares no required env vars.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It mentions an optional per-user config file (~/.summarize/config.json) where model keys or default models can be stored; the existence of that config is reasonable but the metadata did not list it under required config paths, so users should be aware the CLI may read/write that file.
Scan Findings in Context
[no_regex_findings] expected: The package is instruction-only (no code files). The scanner had nothing to analyze; this is expected but means the binary installed by Homebrew is the primary artifact to inspect before trusting the skill.
Assessment
This skill appears to do what it says — it invokes a local 'summarize' CLI to summarize URLs and files and optionally uses model provider APIs. Before installing or using it: 1) Verify the Homebrew tap and formula source (steipete/tap) to ensure the binary comes from a trustworthy repo. 2) Inspect the installed 'summarize' binary or its upstream source code if possible. 3) Use least-privilege API keys (limited quotas/permissions) for model providers and for APIFY/FIRECRAWL, and avoid putting high-privilege secrets in ~/.summarize/config.json. 4) If you need stronger isolation, run the CLI in a sandbox/container or test on non-sensitive files first. If you want, I can fetch the brew formula URL and summarize its contents or tell you how to inspect the installed binary safely.Like a lobster shell, security has layers — review code before you run it.
latestvk979a98a8x96vpqsvcvbfhh1f583pe5m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧾 Clawdis
Binssummarize
Install
Install summarize (brew)
Bins: summarize
brew install steipete/tap/summarize