ClawHub

Bytesagain Doc Summarizer

v1.0.1

Summarize and analyze text documents without external APIs. Use when extracting key points from reports, ranking bullet points, identifying keywords, checkin...

0· 53·0 current·0 all-time
by@loutai0307-prog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise local document summarization and analysis; the provided shell script and embedded Python implement summary, bullets, keywords, stats, outline, and compare using only local file reads and text processing. Required tools (bash, python3) match the stated purpose and no unrelated credentials or binaries are requested.
Instruction Scope
The SKILL.md usage and commands align with the script. However, the script uses single-quoted here-documents (<< 'PYEOF') but embeds "$file", "$f1", "$f2" etc. inside the Python code. Because the here-doc delimiter is single-quoted, shell variable expansion is suppressed and the Python code will attempt to open files literally named "$file" (not the intended path). This is a functional bug (not a secret-exfiltration or scope creep). The script otherwise only reads the files the user supplies and does not send data externally.
Install Mechanism
No install spec or external downloads are provided; this is instruction-only with a bundled script. No archives or remote installers are used, so there is minimal install risk.
Credentials
The skill requires no environment variables, credentials, or config paths. That is proportional to its stated functionality (local text processing).
Persistence & Privilege
The skill does not request permanent presence (always:false) nor modify system settings. It is user-invocable and can run autonomously per platform default, which is expected for skills; no elevated or persistent privileges are requested.
Assessment
This skill appears to do only local text processing and does not request credentials or make network calls — that matches its description. However, the bundled script has a bug: the embedded Python blocks use a single-quoted here-doc so shell variables like $file are not expanded, meaning the tool will likely fail to open the file you pass. Before installing or running: (1) inspect or run the script locally and fix the here-docs (remove the single quotes so variables expand, or pass filenames via command-line args into Python); (2) run it on non-sensitive sample files first to confirm behavior; and (3) because the script reads any file you point it at, avoid passing secrets or system configuration files to it. If you want a turnkey fix, ask the author to remove the single quotes on the here-doc delimiters (or otherwise inject the filename safely into the Python code).

Like a lobster shell, security has layers — review code before you run it.

latestvk972y6xe0yd1eczfswmh2g1psh83v4jp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments