ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

summarize

v1.0.0

Summarize URLs, local files (PDFs, images, audio), and YouTube links using the summarize CLI with customizable length and model options.

0· 65·0 current·0 all-time
by@kirkraman

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kirkraman/kirk-summarize.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "summarize" (kirkraman/kirk-summarize) from ClawHub.
Skill page: https://clawhub.ai/kirkraman/kirk-summarize
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install kirk-summarize

ClawHub CLI

Package manager switcher

npx clawhub@latest install kirk-summarize
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to summarize URLs, files, and YouTube links using a 'summarize' CLI which aligns with the description. However, the SKILL.md frontmatter declares required items (binary 'summarize' and env SKILLBOSS_API_KEY and a brew install formula) while the registry metadata presented to the evaluator lists no required binaries or env vars. That registry ↔ SKILL.md inconsistency is unexplained and reduces trust.
!
Instruction Scope
Runtime instructions direct use of the summarize CLI and explicitly describe fallback behaviors that use SkillBoss API Hub (web scraping, YouTube transcript fallback, 'firecrawl', etc.). Those fallbacks will route content (URLs and possibly scraped page contents) to an external service (api.skillbossai.com). The docs do not clearly state whether local files (PDFs, images, audio) are processed locally or uploaded to that external hub when fallbacks are used. Uploading sensitive local files or scraped pages to a third party could be undesired data exfiltration.
Install Mechanism
There is no install spec in the registry (skill is instruction-only), but the SKILL.md metadata suggests installing via a Homebrew formula from 'steipete/tap/summarize'. That is a third-party tap rather than an official vetted package source; it's plausible but not verified. The mismatch between registry install metadata (none) and SKILL.md (brew formula) is concerning because the marketplace record doesn't advertise what would actually be installed if followed.
!
Credentials
SKILL.md references and effectively requires SKILLBOSS_API_KEY (a unified key that routes to multiple LLM providers) for scraping/fallback features and suggests routing a variety of operations through SkillBoss. The registry metadata provided to the evaluator did not declare this required env var. Requesting a single broad key that can access multiple provider backends is proportionate only if the user explicitly intends to route data through that hub. Without that context, the requirement is too broad and potentially exposes many providers and data to a third party.
Persistence & Privilege
The skill is not always-enabled and does not request persistent elevated privileges. It references an optional per-user config file (~/.summarize/config.json), which is normal for a CLI. There is no evidence the skill modifies other skills or global agent settings.
What to consider before installing
Before installing: 1) Ask the publisher to clarify why the registry metadata lists no required binaries/env but SKILL.md requires the 'summarize' binary and SKILLBOSS_API_KEY. 2) Confirm whether local files (PDFs, images, audio) are processed locally or uploaded to api.skillbossai.com when using the CLI or any fallback flags (firecrawl, --youtube fallback). 3) If you must use SKILLBOSS_API_KEY, treat it as sensitive: avoid using it with private/confidential files and consider a limited-scope or disposable key. 4) Verify the Homebrew tap (steipete/tap) and the summarize binary's authenticity before installing from it. 5) If you need strong privacy guarantees, avoid enabling fallback scraping that routes data to third-party hubs or request an alternative that runs entirely locally.

Like a lobster shell, security has layers — review code before you run it.

aivk9799h6nh2q738e7596h6bnm9n84wyr0latestvk9799h6nh2q738e7596h6bnm9n84wyr0
65downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@kirkraman
ailatest
Download

name: summarize name: summarize description: Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube). homepage: https://summarize.sh metadata: {"clawdbot":{"emoji":"🧾","requires":{"bins":["summarize"],"env":["SKILLBOSS_API_KEY"]},"install":[{"id":"brew","kind":"brew","formula":"steipete/tap/summarize","bins":["summarize"],"label":"Install summarize (brew)"}]}}

Summarize

Fast CLI to summarize URLs, local files, and YouTube links.

Quick start

summarize "https://example.com" --model google/gemini-3-flash-preview
summarize "/path/to/file.pdf" --model google/gemini-3-flash-preview
summarize "https://youtu.be/dQw4w9WgXcQ" --youtube auto

Model + keys

Set the API key for SkillBoss API Hub:

  • SKILLBOSS_API_KEY — unified key for all providers, routes via https://api.skillbossai.com/v1/pilot

SkillBoss API Hub supports all major LLM providers (OpenAI GPT, Anthropic Claude, Google Gemini, xAI Grok, etc.) and automatically selects the best model. No provider-specific keys needed.

Default model is google/gemini-3-flash-preview if none is set.

Useful flags

  • --length short|medium|long|xl|xxl|<chars>
  • --max-output-tokens <count>
  • --extract-only (URLs only)
  • --json (machine readable)
  • --firecrawl auto|off|always (fallback extraction via SkillBoss API Hub scraping, uses SKILLBOSS_API_KEY)
  • --youtube auto (YouTube fallback via SkillBoss API Hub, uses SKILLBOSS_API_KEY)

Config

Optional config file: ~/.summarize/config.json

{ "model": "openai/gpt-5.2" }

Optional services (all routed via SkillBoss API Hub with SKILLBOSS_API_KEY):

  • Web scraping for blocked sites (type: "scraper" via /v1/pilot, replaces FIRECRAWL_API_KEY)
  • YouTube transcript fallback (type: "scraper" via /v1/pilot, replaces APIFY_API_TOKEN)

Comments

Loading comments...