ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ppt Auto Generator Pro

v1.0.0

Automatically generate professional PPT presentations with AI, supporting multiple styles, templates, and export formats including PPTX, PDF, and images.

0· 59·1 current·1 all-time
by@bingze00000
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the SKILL.md commands align with an AI PPT generator. However, _meta.json lists runtime requirements ('python-pptx', 'openai') that imply use of a Python library and the OpenAI API; the published registry metadata and skill manifest did not declare any required env vars or binaries. That inconsistency is unexpected for an AI-first tool and should be explained.
Instruction Scope
SKILL.md is instruction-only and contains only high-level user-facing commands (generate outline, batch generate, apply template). It references local files/paths (e.g., draft.pptx, ./ppts) which is reasonable for slide templates and outputs. The instructions do not explicitly tell the agent to read unrelated system files or to transmit data to unknown endpoints.
Install Mechanism
No install spec is present (instruction-only), which is low risk. But _meta.json claims dependencies on python-pptx and openai without providing an install mechanism or explaining how those dependencies are satisfied — this gap is worth clarifying because it suggests the skill expects an environment setup not described in the manifest or SKILL.md.
!
Credentials
_meta.json's 'openai' requirement strongly suggests the skill will call the OpenAI API and therefore would require an API key (sensitive credential). Yet the skill declares no required environment variables or primary credential. Missing credential declarations are disproportionate and ambiguous: the agent or user might be prompted to supply secrets at runtime or the skill may expect secrets outside the manifest.
Persistence & Privilege
Skill flags are default (always: false, user-invocable true, model invocation allowed), so it does not request permanent/global installation or elevated privileges. Nothing indicates it modifies other skills or system-wide settings.
What to consider before installing
This skill looks like a legit AI PPT helper on the surface, but the package metadata claims dependencies (python-pptx and openai) that the SKILL.md and registry manifest do not document. Before installing or using it: (1) ask the publisher for source code or an explanation of runtime requirements and where OpenAI calls (if any) go; (2) do not provide API keys or other secrets until you confirm which service endpoints are used and how data is handled; (3) if you plan to run it locally, ensure you understand and control any Python packages it needs (install them in an isolated environment); (4) prefer skills with a clear install spec, documented env vars, and a verifiable source/homepage. If the publisher cannot clarify the missing OpenAI credential requirement, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk978r0ggbpkx0c3vejvr6kh4qx83twak

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments