ClawHub

get-tldr

Provide the summary returned by the get-tldr.com summarize API without further summarization; the skill should format the API output for readability but must not change its content.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 3.8k · 19 current installs · 20 all-time installs
by@itobey
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description match the actual behavior: the bundled Python script posts the provided URL to https://www.get-tldr.com/api/v1/summarize and returns the service JSON. Reading an API key from a config file, env var, or .env is consistent with calling an external summarize API.
!
Instruction Scope
SKILL.md instructs the agent to call the bundled script and not to re-summarize the API output — that is consistent. However, the script appends a log entry containing the timestamp, sent payload (the URL) and the full response to a logfile (default ~/.config/get-tldr/skill.log). That behavior is not emphasized in the high-level description and can capture sensitive URLs or returned content; user-facing instructions don't clearly call out the privacy implications.
Install Mechanism
This is an instruction-only skill with a bundled Python script and no install spec or remote downloads. The only runtime dependency is the requests Python library; the script error-exits with a message if requests is missing. No external installers, package pulls, or arbitrary downloads are present.
!
Credentials
The script requires an API key (config file ~/.config/get-tldr/config.json, GET_TLDR_API_KEY env var, or a .env in the skill folder), but the registry metadata lists no required env vars and no primary credential. That mismatch is an explicit inconsistency. Also, the script reads and writes files under the user's home (~/.config/get-tldr) and can read a local .env in the skill folder; these accesses are reasonable for configuration but should be disclosed.
Persistence & Privilege
The skill does not request always:true or special platform privileges and does not modify other skills. It does create/append a logfile and reads a config file in ~/.config/get-tldr by default — persistent on-disk logging of URLs/responses is the notable persistent behavior to consider.
What to consider before installing
This skill is coherent with its stated purpose (calling get-tldr.com) but has two practical concerns you should address before installing or using it: (1) It requires an API key (config or GET_TLDR_API_KEY), yet the registry metadata does not declare this — make sure you supply the key securely and update metadata if you publish it. (2) By default the script logs the sent URL and the entire API response to ~/.config/get-tldr/skill.log (unless configured otherwise). That log can contain sensitive URLs or returned content. Recommended actions: confirm where you will store the API key (prefer an OS secret manager or a secure config file), inspect and/or modify get_tldr.py if you want to disable or relocate logging, set a restrictive logfile path and file permissions, ensure the requests dependency is available in a controlled environment, and consider limiting automatic/autonomous invocation of the skill if you are concerned about repeated background requests. If the registry owner updates the metadata to declare the required credential and the logging behavior is disclosed or made configurable, the concerns would be largely addressed.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972j221yz0g3pv9ytxqytjhj9808a7g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

get-tldr

Quick, deterministic skill to summarize the content of a link using the get-tldr.com API.

Usage pattern (for the agent):

  • Trigger when the user says something like: "get-tldr <link>" or "get-tldr" followed by a URL.
  • The skill will call the bundled script get_tldr.py with the URL as the single argument.
  • IMPORTANT: The API response is already a summary; the skill must NOT further summarize or alter the content — only take the value of the "summary" element of the json and format it for readability. Take the entire summary property, do not omit anything.
  • IMPORTANT: If the summary element of the response json from the API already is formatted in markdown, just return the formatted markdown. Do not omit anything and do not change the text. Make sure its not wrapped in a code block and if so remove the wrapping code block, so that it correctly renders as markdown, but not as a code block.

Files included:

  • get_tldr.py — small Python script (located in the skill folder) that posts {"input": "<URL>"} to https://www.get-tldr.com/api/v1/summarize using the required X-API-Key header and prints the JSON response to stdout. The script reads the API key and an optional logfile path from ~/.config/get-tldr/config.json (preferred), or falls back to the GET_TLDR_API_KEY environment variable or a .env file in the skill folder. If no logfile is configured the script defaults to ~/.config/get-tldr/skill.log.

Notes for maintainers:

  • Create the config file at ~/.config/get-tldr/config.json with the following structure (JSON):
{
  "api_token": "<your_key_here>",
  "logfile": "/path/to/logfile.log"
}
  • The script will use the "api_token" field from the config. If the config file is missing the script falls back to the GET_TLDR_API_KEY environment variable or a .env file in the skill folder.
  • IMPORTANT: Do not summarize the API response again; the skill should only format the response for readability and must not alter the content.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…