by 安全扫描
OpenClaw
安全
high confidenceThe skill is internally consistent with its stated purpose (a CLI summarizer): it requires a summarize binary (installable via a brew tap) and documents the expected API keys and config paths used for fetching and summarization.
评估建议
This skill is coherent for a summarization CLI, but before installing: 1) Inspect the steipete/tap/summarize Homebrew formula or the project's GitHub/release page to ensure you trust the binary’s source; 2) Only provide API keys you trust for the providers you intend to use (the tool supports many backends and optional extraction tokens); 3) Be aware the CLI will fetch external URLs and may call LLM provider endpoints and optional extractor services (FIRECRAWL/APIFY); 4) If you have security con...详细分析 ▾
✓ 用途与能力
The name/description (summarize URLs/PDFs/images/audio/YouTube) aligns with the declared requirement: a 'summarize' CLI binary and optional provider API keys. Optional services mentioned (FIRECRAWL, APIFY) are relevant to extracting blocked sites and YouTube content.
✓ 指令范围
SKILL.md instructs the agent to run the summarize CLI against URLs, local files, and YouTube links and documents config location (~/.summarize/config.json) and flags. It does not direct the agent to read unrelated system files or to exfiltrate data to unexpected endpoints beyond the providers and extractor services it lists.
ℹ 安装机制
Install is via Homebrew formula steipete/tap/summarize (creates a 'summarize' binary). Using a third-party Homebrew tap is common for CLI tools but has more trust surface than an official formula; users should review the tap/formula or the upstream release source before installing.
ℹ 凭证需求
SKILL.md references multiple provider API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, XAI_API_KEY, GEMINI_API_KEY/aliases) and optional FIRECRAWL/APIFY tokens — these are proportionate for a summarizer that supports multiple LLM backends and extraction helpers. Registry metadata lists 'Required env vars: none' which is acceptable if keys are optional, but users should be aware the CLI will behave differently depending on which keys are supplied.
✓ 持久化与权限
Skill is not forced-always and does not request special platform-wide privileges. It documents writing/reading an optional per-user config file (~/.summarize/config.json), which is expected for CLI configuration.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/16
- Initial release of the Summarize skill, a fast CLI tool for summarizing URLs, local files, and YouTube links. - Supports multiple content types: URL, PDF, image, audio, and YouTube. - Allows model selection and API configuration, with support for OpenAI, Anthropic, xAI, and Google (Gemini). - Provides flexible output options, including summary length, JSON formatting, and extraction modes. - Includes optional config file support and fallback services for web and YouTube extraction. - Default model set to google/gemini-3-flash-preview if not specified.
● 无害
安装命令 点击复制
官方npx clawhub@latest install summarize-xhs
镜像加速npx clawhub@latest install summarize-xhs --registry https://cn.clawhub-mirror.com
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制