skill-ts
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a straightforward summarization CLI wrapper, but users should note that it installs an external Homebrew tool and may use provider API keys or external services to process files and URLs.
Install this if you trust the summarize CLI and its Homebrew tap. Before use, decide which provider API keys you want it to access, and only summarize files or URLs you are comfortable sending to the configured model or extraction services.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The installed summarize binary is what will process your URLs and files, so its source and updates matter.
The skill's functionality depends on installing and trusting an external Homebrew formula rather than code included in the skill package. This is expected for a CLI wrapper, but it is still a supply-chain dependency.
brew | formula: steipete/tap/summarize | creates binaries: summarize
Install only if you trust the summarize CLI source and Homebrew tap; review the project homepage or formula before use if provenance is important.
The skill appears functionally coherent, but the package identity metadata is not perfectly consistent.
The packaged _meta.json identity does not match the registry-provided owner/slug shown for the skill under evaluation, which introduces a small provenance/coherence ambiguity.
"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "summarize"
Verify that this is the intended summarize skill and publisher before installing in a sensitive environment.
Summaries may consume quota or incur costs on whichever provider key you configure.
The skill documents use of provider API keys for model access. This is purpose-aligned, but it gives the CLI access to paid or quota-limited provider accounts.
Set the API key for your chosen provider: OpenAI: `OPENAI_API_KEY`; Anthropic: `ANTHROPIC_API_KEY`; xAI: `XAI_API_KEY`; Google: `GEMINI_API_KEY`
Use only the provider keys you intend to use, prefer scoped or low-risk keys where available, and monitor usage.
Files or links you ask it to summarize may be sent to external model or extraction providers.
The skill can process local files, URLs, and YouTube links through model providers and optional extraction services. That external processing is aligned with summarization, but it may expose submitted content to those services.
summarize "/path/to/file.pdf" --model google/gemini-3-flash-preview ... `--firecrawl auto|off|always` ... `--youtube auto` (Apify fallback if `APIFY_API_TOKEN` set)
Avoid summarizing confidential files or private URLs unless you trust the configured providers and their data-handling policies.
