AI PPT generate
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it claims—generate PPTs through Baidu—but it requires a Baidu API key and sends your PPT content or resource links to Baidu.
This skill looks purpose-aligned and does not show hidden persistence, local data harvesting, or destructive behavior. Install it only if you are comfortable using Baidu/Qianfan for PPT generation, set BAIDU_API_KEY securely, and avoid submitting confidential documents or private URLs unless sharing them with Baidu is acceptable.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The Baidu API key may authorize account usage, quota consumption, or billing for the Baidu Qianfan service.
The skill uses a provider API credential. That is expected for Baidu PPT generation, but the registry metadata says no required env vars or primary credential, so users may not notice the account/API access requirement before install.
Ensure the BAIDU_API_KEY environment variable is set with your valid API key.
Use a dedicated, least-privilege Baidu API key where possible, keep it out of prompts and logs, and declare BAIDU_API_KEY in the skill metadata.
Any confidential topic text, outline content, document URL, image URL, or template URL provided to the skill may be processed by Baidu.
The script sends the user's PPT topic, outline, and optional resource or template URLs to Baidu's remote API. This is core to the stated purpose, but it is a third-party data boundary users should understand.
url = "https://qianfan.baidubce.com/v2/tools/ai_ppt/generate_ppt_by_outline" ... "query": query, "outline": outline ... if resource_url: params["resource_url"] = resource_url
Only provide documents, resource URLs, and template URLs that you are allowed to share with Baidu, and avoid using sensitive private files unless your organization approves that use.
Users have less external context for verifying who maintains the skill before trusting it with a Baidu API key.
The skill's visible code is coherent and no install-time execution is declared, but the registry does not provide an upstream source or homepage for provenance review.
Source: unknown; Homepage: none
Verify the publisher and code contents before installing, and prefer skills that provide a clear source repository or homepage.