Back to skill
Skillv1.0.0
ClawScan security
Text Summarizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 15, 2026, 2:11 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it provides a local Python extractive summarizer (TextRank+TF-IDF), requires no credentials or external installs, and its instructions match the code's behavior.
- Guidance
- This skill appears to be what it claims — a local extractive summarizer — and doesn't request secrets or network access. Before running: (1) ensure you have a safe execution environment with Python 3, (2) inspect the included script (already reviewed here) and confirm you are comfortable executing local code, (3) avoid feeding sensitive files you wouldn't want printed to stdout (the script will output excerpts of the input), and (4) note functional limitations (English-only tokenization, simple sentence splitting). If you plan to let an autonomous agent invoke this skill, remember the agent may pass arbitrary user text to the script — review agent policies for handling sensitive data.
Review Dimensions
- Purpose & Capability
- okName/description claim an extractive summarizer and the included Python script implements a TextRank + TF-IDF hybrid extractive algorithm. There are no unrelated environment variables, binaries, or configuration paths requested.
- Instruction Scope
- noteSKILL.md instructs the agent/user to pass text or files to the summarizer and the script reads either a provided --text string or a local input file and prints the extracted sentences. There is a small doc mismatch: examples refer to 'summarize.py' while the code is at 'scripts/summarize.py' — a packaging/path detail rather than a security concern. The instructions do not request other files, environment variables, or network calls.
- Install Mechanism
- okNo install spec is provided (instruction-only with an included script). Nothing is downloaded from the network and no archives are extracted. The contained code will run with a system Python interpreter.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The code does not access environment variables or external services.
- Persistence & Privilege
- okalways is false and the skill does not request permanent presence or attempt to modify other skill/system configuration. It only reads user-supplied input files or text.