v1.0.0

Ai Ppt Generator 1.1.3

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:52 AM.

Analysis

This skill appears to perform its stated PPT-generation task, but it uses your Baidu API key, sends presentation content to Baidu, and runs local Python helper scripts.

GuidanceThis appears suitable for generating PPTs with Baidu AI if you are comfortable providing a Baidu API key and sending the presentation topic/content to Baidu. Avoid confidential material unless approved, monitor API usage, and review the complete local Python scripts before installing.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution

SeverityInfoConfidenceHighStatusNote

scripts/random_ppt_theme.py

process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True

The automatic-template helper launches the included generate_ppt.py script as a subprocess. This local Python execution is central to the skill's stated workflow and is not hidden, but users should know the skill runs code locally.

User impactUsing the automatic template path runs local Python scripts on your machine or agent environment.

RecommendationInstall only from a trusted source and review the local scripts before use, especially if running in an environment with sensitive files or credentials.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceMediumStatusNote

scripts/random_ppt_theme.py

"truncated": true

The provided artifact view for random_ppt_theme.py is truncated, and this script is part of the default automatic-template workflow. This is not evidence of malicious behavior, but it limits review of the exact installed helper.

User impactThe visible artifacts support the stated purpose, but the user should verify the full helper script before relying on it.

RecommendationReview the complete installed random_ppt_theme.py file and confirm it matches the expected Baidu PPT generation behavior.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

scripts/generate_ppt.py

api_key = os.getenv("BAIDU_API_KEY") ... "Authorization": "Bearer %s" % api_key

The script reads the user's Baidu API key from the environment and uses it as a bearer credential for Baidu API calls. This is expected for the stated Baidu PPT integration, but it gives the skill delegated access to the user's Baidu API account.

User impactThe skill can use your Baidu API account to list templates and generate PPTs, which may affect quota or billing.

RecommendationUse a dedicated or least-privileged Baidu API key if available, monitor usage, and revoke the key when you no longer need the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

scripts/generate_ppt.py

URL_PREFIX = "https://qianfan.baidubce.com/v2/tools/ai_ppt/" ... "query": query ... "web_content": web_content

The script sends the user's PPT topic, generated outline data, and optional web content to Baidu's Qianfan AI PPT API. This is purpose-aligned, but it means presentation content leaves the local environment.

User impactConfidential topics or source material may be processed by Baidu, and the generated PPT is returned through a remote URL.

RecommendationAvoid sending sensitive or regulated content unless you are comfortable with Baidu processing it and have reviewed the provider's data handling terms.