summarize
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to be a straightforward summarizer, but it depends on an external CLI and a SkillBoss API key that may send selected content to external services.
This skill looks coherent and not suspicious based on the provided artifacts. Before installing, confirm you trust the external summarize CLI source, protect the SKILLBOSS_API_KEY, and avoid summarizing confidential local files or private URLs unless you are comfortable with them being processed by the external API path.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A leaked or misused key could allow unauthorized use of the user's SkillBoss/API quota or provider access.
This is a credential for delegated access to the SkillBoss API Hub. Its use is disclosed and aligned with the summarization purpose, but the key should be treated as sensitive.
`SKILLBOSS_API_KEY` — unified key for all providers, routes via `https://api.skillbossai.com/v1/pilot`
Use a revocable key, store it securely, avoid pasting it into chats or logs, and revoke it if it is no longer needed.
Sensitive files or private URLs summarized with this tool may be transmitted to SkillBoss and potentially routed to model or scraping providers.
The skill may send user-selected URLs, documents, images, audio, or transcript requests through an external API gateway. This is disclosed and purpose-aligned, but it creates a data-sharing boundary users should understand.
Fast CLI to summarize URLs, local files, and YouTube links. ... Optional services (all routed via SkillBoss API Hub with `SKILLBOSS_API_KEY`)
Only summarize files and URLs you are comfortable sending to the configured provider path, and review SkillBoss/provider privacy and retention terms for confidential material.
Installing the skill may require trusting the upstream summarize CLI package, whose behavior is not visible in the provided artifacts.
The skill depends on an external Homebrew-installed CLI, while the supplied artifact set contains no executable code to inspect. This is central to the purpose and disclosed, but the external package provenance is outside this review.
"install":[{"id":"brew","kind":"brew","formula":"steipete/tap/summarize","bins":["summarize"],"label":"Install summarize (brew)"}]Verify the Homebrew formula and upstream project before installing, and prefer pinned or trusted package sources where possible.