ClawHub

Summarizer (x64 infrastructure)

v1.0.3

Summarize URLs or files with the summarize CLI (x86_64 infrastructure supported).

0· 642·0 current·0 all-time
by@speechybubble
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (summarize URLs and local files using the 'summarize' CLI) matches the required binary and install methods (npm/brew). However there are inconsistencies in metadata: top-level registry Owner ID and slug ('summarizerx64') differ from the _meta.json ownerId and slug ('summarizerx86'), which could indicate packaging/copy-paste errors or provenance issues that deserve verification.
Instruction Scope
SKILL.md instructs the agent to run the summarize CLI on URLs, local files and YouTube links — this is within scope. It also references an optional config file (~/.summarize/config.json) and optional fallbacks (Firecrawl / Apify) which explain some extra environment variables and external calls. The instructions do not ask the agent to read unrelated system files or secrets beyond those needed for summarization.
Install Mechanism
Installers are npm (@speechybubble/summarize) and a brew formula (speechybubble/tap/summarize). Both are standard package distribution mechanisms and do not pull from arbitrary URLs or extract unknown archives; this is proportionate for a CLI tool.
!
Credentials
SKILL.md references multiple provider API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, XAI_API_KEY, GEMINI_API_KEY) and optional FIRECRAWL_API_KEY / APIFY_API_TOKEN, but the skill metadata lists no required env vars. The instructions therefore access environment variables not declared in requires.env. Also, summarizing local files implies sending file contents to third-party LLM providers or fallback services — a legitimate capability but a privacy/exfiltration risk that should be acknowledged before installing.
Persistence & Privilege
The skill is not marked always:true and uses normal, user-invocable/autonomous invocation defaults. It does not request system-wide config changes or other skills' credentials in the provided materials.
What to consider before installing
This skill looks like a real summarizer CLI, but check a few things before installing: (1) verify the package/tap actually belongs to the GitHub project shown (inspect the npm package and the brew tap contents) because the registry metadata (owner ID/slug) and _meta.json names disagree; (2) be aware that summarizing local files will read file contents and send them to whichever LLM provider or fallback service you configure — do not summarize sensitive files unless you trust the target provider and have reviewed the CLI code; (3) the SKILL.md mentions many environment variables (provider API keys, FIRECRAWL, APIFY) that are optional but powerful — only set them if necessary and in scoped accounts/keys; (4) if you want lower risk, inspect the npm package contents locally (or vendor the binary) before installing, or limit the skill to summarizing non-sensitive URLs only.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fss1tq1dqsv1f21cr78n82181cp6a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧾 Clawdis
Binssummarize

Install

Install summarize (npm, speechybubble)
Bins: summarize
npm i -g @speechybubble/summarize
Install summarize (brew, macOS)
Bins: summarize
brew install speechybubble/tap/summarize

Comments