MH summarize
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is a coherent wrapper for a summarization CLI, with normal but important notes about trusting the external install source and any model or extraction providers used.
This looks reasonable for a summarization/transcription helper. Before installing, make sure you trust the Homebrew formula and avoid running it on sensitive files or private links unless you trust the configured model and extraction providers.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill will rely on code distributed outside the provided artifact set.
The skill depends on an external Homebrew tap to install the executable. This is expected for a CLI skill, but it means users are trusting that package source.
brew | formula: steipete/tap/summarize | creates binaries: summarize
Install only if you trust the Homebrew tap and the summarize CLI source.
Provider keys could allow API usage and billing under the user's account if configured.
The skill may use provider API credentials. This is purpose-aligned for model-backed summarization and is disclosed, but users should handle those credentials carefully.
Set the API key for your chosen provider: OpenAI: `OPENAI_API_KEY`; Anthropic: `ANTHROPIC_API_KEY`; xAI: `XAI_API_KEY`; Google: `GEMINI_API_KEY`
Use dedicated, revocable provider keys with appropriate spending limits and avoid sharing sensitive keys unnecessarily.
Private documents, URLs, or transcript content could be sent to the configured model or extraction provider during summarization.
The skill can process local files and URLs using model providers and optional extraction services. This is central to the skill, but users should recognize that selected content may leave the local machine for processing.
summarize "/path/to/file.pdf" --model google/gemini-3-flash-preview ... Optional services: `FIRECRAWL_API_KEY` for blocked sites; `APIFY_API_TOKEN` for YouTube fallback
Do not use the skill on confidential files or private URLs unless you are comfortable with the configured providers processing that content.