20206 02 10 Clawhub Summarize 1.0.0

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward summarization CLI skill, with normal but important reliance on an external Homebrew package, external model providers, and optional API keys.

This skill is reasonable for its stated purpose. Before installing, verify that you trust the `summarize` Homebrew package and be careful about which API keys and local files or private URLs you use with it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may install and run a third-party CLI package on the user's machine.

Why it was flagged

The skill relies on an external Homebrew formula to provide the `summarize` binary. This is expected for a CLI-based skill, but it means installation trust depends on that package source.

Skill content

brew | formula: steipete/tap/summarize | creates binaries: summarize

Recommendation

Install only if you trust the Homebrew tap and project; review the formula/source if provenance is important to you.

What this means

If configured, the CLI can use the user's provider accounts for model calls, web extraction, or YouTube fallback processing.

Why it was flagged

The skill documents use of provider and service credentials. This is purpose-aligned for summarization, but those credentials grant access to third-party accounts or quotas.

Skill content

Set the API key for your chosen provider:
- OpenAI: `OPENAI_API_KEY`
- Anthropic: `ANTHROPIC_API_KEY`
...
Optional services:
- `FIRECRAWL_API_KEY` ...
- `APIFY_API_TOKEN`

Recommendation

Use only the keys needed for your chosen provider, prefer restricted keys when available, and revoke or rotate keys if they are no longer needed.

What this means

Sensitive documents, URLs, transcripts, or media could be sent to external services as part of normal summarization use.

Why it was flagged

The examples combine local-file summarization with an external model selection. This is disclosed and expected, but it means file or URL content may be processed by the selected provider or fallback service.

Skill content

summarize "/path/to/file.pdf" --model google/gemini-3-flash-preview

Recommendation

Avoid using highly sensitive files or private URLs unless the selected provider's privacy and retention terms are acceptable.