Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
smart summarizer
v1.0.0Summarizes URLs, articles, YouTube videos, PDFs, and pasted text into a structured digest with TL;DR, key takeaways, and action items. Use this skill wheneve...
⭐ 0· 50·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (summarize URLs, YouTube, PDFs, pasted text) aligns with the instructions. Requested capabilities (fetch pages, extract transcripts/PDF text, summarize pasted text) are reasonable for the described purpose. The only persistent artifact (saving summaries) is coherent with the archive feature.
Instruction Scope
The SKILL.md tells the agent to fetch arbitrary URLs (via web search or direct fetch), extract YouTube transcripts, and extract PDF text — all expected — but it also instructs the agent to auto-activate when a user shares a URL without explicit instruction. That proactive activation combined with automatic fetching and saving of content could cause network requests and local writes the user didn't explicitly consent to. The archive read/write behaviour (scan ~/.openclaw/summaries) is specified and limited to its own path, but it still implies the skill will both write and later read user data.
Install Mechanism
No install spec and no code files (instruction-only). This is low risk from an install perspective because nothing is fetched or written at install time.
Credentials
The skill requests no environment variables, no credentials, and no config paths beyond its own archive directory. That is proportionate to a summarizer. One note: the instructions mention doing web searches or fetching content; if the runtime implementation uses third‑party search or transcript APIs it may need keys, but none are declared.
Persistence & Privilege
The skill persists summaries to ~/.openclaw/summaries/[YYYY-MM-DD]-[slug].md and will scan that archive on request. Writing to its own per-user directory is normal, but combined with the automatic activation heuristic it means the skill may autonomously fetch, store, and later read user-shared content. The skill is not marked always:true and does not request system-wide config changes.
What to consider before installing
This skill appears to do what it says (summarize content) and has no install or credential requirements, but it does two things you should be aware of: (1) it will automatically activate and fetch any URL a user shares (per the instructions), and (2) it saves summaries to ~/.openclaw/summaries and will read that folder when asked. If you care about privacy or accidental fetching of sensitive links, ask the publisher to: disable or make explicit the automatic activation on link-sharing (require user confirmation), allow opting out of local archival or choosing the archive path, and document whether external search/transcript APIs are used and whether they require any credentials. If you decide to install, ensure your agent's autonomy settings require confirmation before fetching external URLs or performing network I/O for unprompted link shares.Like a lobster shell, security has layers — review code before you run it.
latestvk97aj2pamd40f1gzas7w5wa72984agpc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.