ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NanoBanana PPT Skills

v0.1.0

基于 AI 自动分析文档内容,智能规划并生成多风格高清 PPT 图片,支持可选转场视频和交互式播放体验。

2· 2.7k·7 current·10 all-time
by@itrocker
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and code clearly implement an AI-driven PPT + video generator using a Google/Gemini image API (named 'Nano Banana Pro' / GEMINI_API_KEY) and an optional Kling video API (KLING_ACCESS_KEY/KLING_SECRET_KEY) — those credentials and APIs make sense for the stated purpose. However, the registry metadata claims no required env vars or primary credential while SKILL.md documents GEMINI_API_KEY as required (and optional KLING keys). That mismatch between declared registry requirements and the runtime instructions is an incoherence the user should notice.
!
Instruction Scope
The runtime instructions ask the agent to read user files and directories (document paths, styles/, outputs/), to search upward for .env files and dotfiles, to change into ~/.claude/skills/ppt-generator, and to run Python scripts and install scripts. Critically, the README/SKILL.md explicitly suggests pasting API keys into prompts sent to Claude Code (and shows sample prompts containing 'MY API KEYS'), which would expose secrets in chat. The instructions also recommend adding exports to ~/.zshrc and describe scanning for environment variables across locations — behavior that can leak or pick up other unrelated credentials.
Install Mechanism
There is no formal registry install spec; instead the repo includes install scripts (install_as_skill.sh, run.sh) and SKILL.md shows git clone + install steps (pip install, virtualenv, optionally brew/apt for ffmpeg). Pulling code from the referenced GitHub repo is standard for open-source tools, but because installation is manual (or delegated to an LLM via instructions), the user should review install scripts before running them. There is no download-from-untrusted-URL pattern here, but absence of a declared install spec in the registry vs. included scripts is an inconsistency to note.
!
Credentials
The only functional required secret is GEMINI_API_KEY (reasonable). Optional KLING keys are justified for video features. However the docs also mention placeholder keys for other services (OpenAI, Anthropic, Stability) and recommend searching multiple locations for .env and ~/.zshrc, which could cause accidental exposure or reuse of unrelated credentials. Also the README/QUICKSTART contains explicit examples that encourage copying API keys into prompts or into ~/.zshrc — both increase the risk of secret leakage if followed blindly.
!
Persistence & Privilege
The skill is not declared always: true (so not force-installed), but the installation and usage instructions create files under ~/.claude/skills/ppt-generator, may write a .env there, and explicitly recommend appending export lines to shell config files (~/.zshrc). Modifying shell startup files and creating persistent skill directories are normal for a skill, but these instructions change user environment and could inadvertently persist secrets or affect other workflows. Review any install scripts that modify shell config before running them.
What to consider before installing
Summary of what to check before installing/using: - Do not paste API keys into chat prompts. The README contains example prompts that include 'MY API KEYS' — sending actual keys into conversation will leak them to the agent/skill. - Verify the repository/source before cloning. The skill references a GitHub repo; confirm the URL and owner are legitimate and review the repo on GitHub rather than relying solely on the SKILL.md. - Inspect install scripts (install_as_skill.sh, run.sh) and any scripts that modify ~/.zshrc or write .env files before executing them. Ensure they do not add unexpected remote endpoints, telemetry, or write secrets to shared locations. - Prefer manual installation: create a virtualenv, run pip installs yourself, and populate a local .env that you control. Avoid letting an agent perform the git clone + install steps with secrets provided in prompts. - Limit where API keys are stored: prefer a skill-specific .env in the skill directory or system environment variables with limited scope. Be cautious because the code's described search-upward behavior for .env could pick up keys from unrelated projects. - If you need only image generation, skip providing KLING keys (video service) unless you plan to use video features. - If you decide to proceed, run the scripts in a sandboxed environment first (or examine them line-by-line). If anything in the scripts looks like it exfiltrates data to unknown endpoints, stop and revoke any keys that were used. Overall: functionality looks coherent with the stated feature set, but several instruction-level practices (encouraging keys in prompts, modifying shell startup files, searching multiple .env locations) are risky — treat this skill as suspicious until you manually review the code and scripts.

Like a lobster shell, security has layers — review code before you run it.

latestvk971fe5z8grnekzz65tqy4hrbx801bq2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments