Ai Ppt Generator 1.1.3

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to perform its stated PPT-generation task, but it uses your Baidu API key, sends presentation content to Baidu, and runs local Python helper scripts.

This appears suitable for generating PPTs with Baidu AI if you are comfortable providing a Baidu API key and sending the presentation topic/content to Baidu. Avoid confidential material unless approved, monitor API usage, and review the complete local Python scripts before installing.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Low
What this means

The skill can use your Baidu API account to list templates and generate PPTs, which may affect quota or billing.

Why it was flagged

The script reads the user's Baidu API key from the environment and uses it as a bearer credential for Baidu API calls. This is expected for the stated Baidu PPT integration, but it gives the skill delegated access to the user's Baidu API account.

Skill content
api_key = os.getenv("BAIDU_API_KEY") ... "Authorization": "Bearer %s" % api_key
Recommendation

Use a dedicated or least-privileged Baidu API key if available, monitor usage, and revoke the key when you no longer need the skill.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Confidential topics or source material may be processed by Baidu, and the generated PPT is returned through a remote URL.

Why it was flagged

The script sends the user's PPT topic, generated outline data, and optional web content to Baidu's Qianfan AI PPT API. This is purpose-aligned, but it means presentation content leaves the local environment.

Skill content
URL_PREFIX = "https://qianfan.baidubce.com/v2/tools/ai_ppt/" ... "query": query ... "web_content": web_content
Recommendation

Avoid sending sensitive or regulated content unless you are comfortable with Baidu processing it and have reviewed the provider's data handling terms.

ASI05: Unexpected Code Execution
Info
What this means

Using the automatic template path runs local Python scripts on your machine or agent environment.

Why it was flagged

The automatic-template helper launches the included generate_ppt.py script as a subprocess. This local Python execution is central to the skill's stated workflow and is not hidden, but users should know the skill runs code locally.

Skill content
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True
Recommendation

Install only from a trusted source and review the local scripts before use, especially if running in an environment with sensitive files or credentials.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The visible artifacts support the stated purpose, but the user should verify the full helper script before relying on it.

Why it was flagged

The provided artifact view for random_ppt_theme.py is truncated, and this script is part of the default automatic-template workflow. This is not evidence of malicious behavior, but it limits review of the exact installed helper.

Skill content
"truncated": true
Recommendation

Review the complete installed random_ppt_theme.py file and confirm it matches the expected Baidu PPT generation behavior.