Content Summarizer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This looks like a purpose-aligned URL/text summarizer, with normal cautions around fetching arbitrary URLs, saving extracted text locally, and reusing generated prompts with another AI.

This skill appears safe for normal public URL and text summarization. Before installing or using it with sensitive material, remember that it fetches whatever URL you provide, stores summaries locally by default, and creates prompts that may include untrusted webpage text.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If pointed at sensitive internal or local network resources, the fetched content may be summarized and saved locally.

Why it was flagged

The script fetches a user-supplied URL with curl. This is central to the skill’s purpose, but it means the skill can retrieve arbitrary URLs provided to it, including private or internal addresses if the user supplies them.

Skill content

curl -sL --max-time 30 -A "Mozilla/5.0 (compatible; ContentSummarizer/1.0)" "$URL"

Recommendation

Use it only on URLs you intend to fetch, and avoid internal/admin/private endpoints unless you explicitly want their content processed.

What this means

Copied prompts could carry prompt-injection text from the original webpage into another AI workflow.

Why it was flagged

Extracted webpage content is inserted directly into a prompt intended for use with another AI. A malicious webpage could contain instructions that a downstream model might follow if the prompt is reused without safeguards.

Skill content

Article text:
$CLEAN_TEXT

Please provide:

Recommendation

Treat extracted article text as untrusted data; review it before reuse and tell downstream AI systems not to follow instructions contained inside the source text.

What this means

Private text or extracted page content may remain on disk after summarization.

Why it was flagged

The script saves generated summaries to a local directory by default. Those files can include the original text inside the AI enhancement prompt.

Skill content

OUTPUT_DIR="${OUTPUT_DIR:-/tmp/summaries}"
...
cat > "$OUTPUT_FILE" << EOF

Recommendation

For sensitive content, set OUTPUT_DIR to a protected location and delete generated summary files when no longer needed.