Skill v1.0.0

ClawScan security

Summarize Pro 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 6, 2026, 12:17 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior mostly matches a local summarizer, but there are small inconsistencies (an undeclared config path, a mismatched metadata owner, and broad read/write permissions) that you should verify before installing.
Guidance
This skill appears to do what it claims (a local summarizer), but check three things before installing: (1) confirm with your platform whether the 'read' permission is scoped to the skill's own data directory; if it is not, the agent could read other files; (2) ask why the manifest omits the config path even though SKILL.md writes to ~/.openclaw/summarize-pro (that path should be declared); and (3) treat the small metadata mismatch (ownerId differs between the registry metadata and _meta.json) as a prompt to verify the publisher's identity. If you need a strict guarantee that no network calls are ever made, rely on platform-level network restrictions or sandboxing: the skill's claim of 'no external API calls' is a statement in prose and is not technically enforced by the files provided here.

Review Dimensions

Purpose & Capability
ok: The name/description (summarization of long content) matches the actions described: producing summaries, storing settings/history, and supporting multiple summary formats. Requesting local read/write access and a local data directory is coherent for a tool that stores history and settings.
Instruction Scope
note: SKILL.md instructs the agent to create and use ~/.openclaw/summarize-pro and to read/write JSON files there, which is within the summarizer's scope. However, that config path is not listed in the skill's top-level 'Required config paths', so the runtime instructions and the declared manifest are inconsistent. Also, the claim 'All processing happens locally, NO external API calls' is an assertion in prose and is not enforced by this instruction-only bundle; confirm platform-level network restrictions if you need that guarantee.
Install Mechanism
ok: An instruction-only skill with no install spec and no code files is low-risk from an install standpoint: nothing is downloaded or written by an installer beyond the user's own created data directory.
Credentials
concern: The SKILL.md metadata requests the 'read' and 'write' tools. For storing settings/history this is reasonable, but those permissions are broad: read access could let the agent read arbitrary files outside the intended directory unless the platform scopes them. The skill declares no required environment variables (good), but the manifest does not explicitly declare the config path it will create/use, which reduces transparency.
Persistence & Privilege
note: The skill persists user summaries and stats under ~/.openclaw/summarize-pro. That is expected for a history-enabled summarizer, but it does create durable files in the user's home directory. The skill is not 'always: true' and does not request special privileges beyond storing its own data.
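The three pre-install checks from the Guidance (undeclared config path, unscoped read/write tools, ownerId mismatch) and the prose-only "no external API calls" claim flagged under Instruction Scope can all be derived mechanically from the bundle. The Python below is an added example written for this page, not ClawScan's or ClawHub's own code. The SKILL.md front matter, the manifest keys (required_config_paths, tool_scopes) and the two metadata dicts are constructed inputs in an assumed layout that stands in for ClawHub's real schema; the second, corrected manifest shows what declaring the path and scoping the tools changes.

```python
import re

# Constructed SKILL.md modelled on the behaviour the scan describes.
# The front-matter layout is an assumption, not ClawHub's documented format.
SKILL_MD = """\
---
name: summarize-pro
version: 1.0.0
tools: [read, write]
---
# Summarize Pro
All processing happens locally - NO external API calls.
Create ~/.openclaw/summarize-pro and store settings.json and history.json there.
"""

# Constructed manifest as the scan saw it: no config path, no tool scoping.
MANIFEST = {"name": "summarize-pro", "required_config_paths": [], "required_env": []}

# Constructed corrected manifest: path declared and both tools scoped to it.
FIXED_MANIFEST = {
    "name": "summarize-pro",
    "required_config_paths": ["~/.openclaw/summarize-pro"],
    "required_env": [],
    "tool_scopes": {"read": "~/.openclaw/summarize-pro",
                    "write": "~/.openclaw/summarize-pro"},
}

# Constructed metadata with the kind of ownerId mismatch the scan reports.
REGISTRY_META = {"ownerId": "user_a1"}
META_JSON = {"ownerId": "user_b2"}

PATH_RE = re.compile(r"~/[\w.\-/]+")  # home-relative paths mentioned in prose
UNSCOPED_RISK = {"read", "write"}     # tools that need a path scope to be safe


def referenced_paths(skill_md):
    """Every ~/... path the instructions tell the agent to touch."""
    return sorted({p.rstrip(".") for p in PATH_RE.findall(skill_md)})


def declared_tools(skill_md):
    """Tools requested in the assumed front-matter `tools: [...]` line."""
    m = re.search(r"^tools:\s*\[([^\]]*)\]", skill_md, re.M)
    return [t.strip() for t in m.group(1).split(",") if t.strip()] if m else []


def undeclared_paths(skill_md, manifest):
    """Paths used at runtime but absent from the manifest's declaration."""
    declared = set(manifest.get("required_config_paths", []))
    return [p for p in referenced_paths(skill_md) if p not in declared]


def owner_mismatch(registry_meta, meta_json):
    """(registry ownerId, _meta.json ownerId) when they differ, else None."""
    a, b = registry_meta.get("ownerId"), meta_json.get("ownerId")
    return None if a == b else (a, b)


def claims_no_network(skill_md):
    """True if the bundle asserts no external API calls in prose only."""
    return bool(re.search(r"no\s+external\s+api\s+calls", skill_md, re.I))


def review(skill_md, manifest, registry_meta, meta_json):
    """Return (severity, message) findings mirroring the scan's dimensions."""
    findings = []
    for p in undeclared_paths(skill_md, manifest):
        findings.append(("note", f"SKILL.md uses {p} but the manifest does not declare it"))
    scopes = manifest.get("tool_scopes", {})
    for t in declared_tools(skill_md):
        if t in UNSCOPED_RISK and t not in scopes:
            findings.append(("concern", f"'{t}' tool requested without a path scope"))
    mm = owner_mismatch(registry_meta, meta_json)
    if mm:
        findings.append(("note", f"ownerId mismatch: registry={mm[0]} _meta.json={mm[1]}"))
    if claims_no_network(skill_md):
        findings.append(("note", "'no external API calls' is a prose claim; "
                                 "enforce it with platform network policy"))
    return findings


def verdict(findings):
    """'review' if any finding is a concern, otherwise 'ok'."""
    return "review" if any(sev == "concern" for sev, _ in findings) else "ok"


if __name__ == "__main__":
    for label, manifest in (("as scanned", MANIFEST), ("corrected", FIXED_MANIFEST)):
        f = review(SKILL_MD, manifest, REGISTRY_META, META_JSON)
        print(f"{label}: verdict={verdict(f)}")
        for sev, msg in f:
            print(f"  [{sev}] {msg}")
```

The corrected manifest clears the undeclared-path note and both tool-scope concerns, so the verdict drops to 'ok'; the ownerId mismatch and the prose-only network claim remain as notes because neither is something the manifest alone can resolve. The checker reads the bundle's own text, so it has the same limit the scan states: it can report that the no-network claim is unenforced, but only the platform's sandboxing can enforce it.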