Summarize

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears coherent for summarizing links, videos, and files, but users should note that it installs an external CLI and may use third-party AI or extraction services.

This skill is reasonable for its stated purpose. Before installing, verify that you trust the Homebrew package source, configure only the API keys you intend to use, and avoid sending confidential files or private URLs to external providers unless that is acceptable for your workflow.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

You would be trusting the external Homebrew package that provides the summarize command.

Why it was flagged

The skill relies on installing an external Homebrew CLI package. That is coherent with a CLI skill, but the executable itself is not included in the provided artifacts.

Skill content

"install": [{ "id": "brew", "kind": "brew", "formula": "steipete/tap/summarize", "bins": ["summarize"] }]

Recommendation

Install only if you trust the Homebrew tap and the summarize project source; keep the CLI updated through normal package-management practices.

ASI03: Identity and Privilege Abuse
Low
What this means

The CLI may use your configured model-provider account and could incur usage charges or access whatever privileges that API key grants.

Why it was flagged

The skill documents use of provider API credentials. This is expected for a model-backed summarization CLI and no hardcoded keys or unrelated credential use are shown.

Skill content

Set the API key for your chosen provider: OpenAI: `OPENAI_API_KEY`; Anthropic: `ANTHROPIC_API_KEY`; xAI: `XAI_API_KEY`; Google: `GEMINI_API_KEY`

Recommendation

Use provider keys with the minimum needed scope, monitor usage, and avoid sharing keys in prompts or files.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Private documents, URLs, or video transcript content may be sent to third-party services for summarization or extraction.

Why it was flagged

The skill can process local files using external model providers and optional extraction services. This is purpose-aligned, but it means document or URL content may leave the local environment depending on the CLI behavior and selected services.

Skill content

summarize "/path/to/file.pdf" --model google/gemini-3-flash-preview ... Optional services: `FIRECRAWL_API_KEY` for blocked sites; `APIFY_API_TOKEN` for YouTube fallback

Recommendation

Do not use it on confidential files or sensitive links unless you are comfortable with the configured provider and optional services handling that content.