ClawHub
Back to skill
v1.0.1

Dizest Summarize

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:36 AM.

Analysis

This is a coherent external summarizer, but it sends the content you provide to Dizest's API using your Dizest API key.

GuidanceInstall and use this skill if you are comfortable sending the content you ask it to summarize to Dizest. Configure DIZEST_API_KEY securely, and avoid submitting confidential documents or secrets unless Dizest's privacy and retention policies are acceptable to you.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
All requests require the `x-api-key` header. The value should come from the `DIZEST_API_KEY` environment variable.

The skill uses a Dizest account API key to authenticate requests. This is expected for the service but gives the skill delegated access to that account/API quota.

User impactAnyone running the skill with this environment variable can make Dizest API requests as the configured account.
RecommendationStore the API key in the environment rather than pasting it into chats, use any available key-specific controls, and rotate the key if it is exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
SKILL.md
The agent's only job is to forward the user's input to the API exactly as provided.

The skill crosses a data boundary by sending whatever the user provides—URLs, notes, transcripts, or documents—to Dizest's external API for processing.

User impactContent submitted for summarization may be processed by a third-party service; sensitive or confidential material should only be submitted if the user is comfortable with Dizest handling it.
RecommendationReview Dizest's privacy and retention terms, and avoid sending secrets or confidential documents unless the provider policies meet your needs.