Summarize
v1.0.0Summarize or extract text/transcripts from URLs, podcasts, and local files (great fallback for “transcribe this YouTube/video”).
⭐ 0· 208·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (summarize URLs, local files, YouTube) aligns with the declared runtime requirement of a 'summarize' binary and the CLI examples. The listed provider API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY/XAI_API_KEY) and optional service keys (FIRECRAWL_API_KEY, APIFY_API_TOKEN) are coherent with a tool that fetches content and uses external LLMs or crawling fallbacks. One inconsistency: the registry metadata states 'Required env vars: none' while SKILL.md documents multiple env vars the CLI can use (these are optional, but the metadata omission is misleading).
Instruction Scope
SKILL.md contains concrete CLI usage examples, flags, and a single optional config path (~/.summarize/config.json). It instructs the agent to run the summarize binary against URLs and local files (expected). It does not instruct broad system file reads beyond the optional config path, nor does it ask to exfiltrate data to unexpected endpoints. It does reference external services/APIs (LLM providers, Firecrawl, Apify) which is expected for this use case.
Install Mechanism
Install uses Homebrew with formula steipete/tap/summarize. Using brew is reasonable, but the formula comes from a third‑party tap rather than an official core tap. That increases the need to review the formula/source before installing because brew will download and install code from that tap.
Credentials
The skill documents multiple API keys for various LLM/cloud providers and optional crawl services. Those are proportionate to a summarization/transcription tool that can use different backends. However, the skill metadata did not declare these env vars as required, which is an inconsistency that could confuse non-technical users about what secrets they must provide.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It uses an optional config file under the user's home directory (~/.summarize/config.json), which is appropriate for user-scoped configuration.
Assessment
This skill appears to do what it says, but review a few items before installing: (1) Inspect the Homebrew formula in steipete/tap to see what the package installs and where it fetches code from (third‑party taps are higher risk than official taps). (2) Only set API keys you trust and scope them appropriately — the CLI will use your provider keys to send content to external LLMs. (3) Check and secure the optional config file (~/.summarize/config.json) so it doesn't store secrets in plaintext or with wide permissions. (4) If you need higher assurance, run the binary in a sandbox or container the first time and monitor network activity to confirm it only accesses expected endpoints (LLM providers, crawl services) and not unrelated services.Like a lobster shell, security has layers — review code before you run it.
latestvk977k4xet6e88q7vnf6cd35y3983c48z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧾 Clawdis
Binssummarize
Install
Install summarize (brew)
Bins: summarize
brew install steipete/tap/summarize