Skillv1.0.0

ClawScan security

PPT Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 14, 2026, 5:49 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's stated purpose (automated PPT creation) matches the instructions and declared dependencies; it is an instruction-only package with no installs, no requested secrets, and no obvious incoherent requirements.
Guidance: This skill is internally consistent for automated PPT generation and presents low technical risk because it's instruction-only. Before installing or using it, consider: (1) it routes text and any provided files to external models and performs web searches — do not submit confidential or sensitive material; (2) ensure the platform has access to the referenced models (qwen3.5, kimi-2.5, minimax-2.5) and any dependent skills (pptx, web_search, citation-management) are installed and configured; (3) verify where output files will be written (workspace/ppt_projects) and that you consent to files being created there; (4) note the package has no published homepage or known maintainer beyond the metadata — if provenance matters, request more info from the author or prefer a skill from a vetted source.

Review Dimensions

Purpose & Capability: okName/description, model routing, and declared dependent skills (pptx, web_search, citation-management, etc.) are coherent for an automated PPT workflow that searches literature, generates content, and writes PPTX/PDF outputs. The listed models and stages align with the stated 7‑step workflow and expected outputs.
Instruction Scope: noteSKILL.md contains detailed, scoped runtime instructions limited to: clarifying user requirements, web/literature search, outline creation, content generation, PPTX creation, visual polishing, and exporting artifacts. It references reading/writing to a project workspace (workspace/ppt_projects) which is expected for file outputs. It also routes data to external models/services (qwen3.5, kimi-2.5, minimax-2.5 and 'web_search'), so user-provided or discovered content will be sent to those systems — a privacy consideration but not scope creep. The docs mention checking 'API 密钥是否有效' for models (troubleshooting) even though no env vars are declared; this is plausible because model access is normally provided by the platform, but users should confirm model credentials and availability.
Install Mechanism: okNo install spec and no code files that would be written to disk; this is instruction-only content. There are references to an empty scripts/ directory, but no downloads, archives, or external install URLs. Low install risk.
Credentials: noteThe skill declares no required environment variables, credentials, or privileged config paths — proportionate for its purpose. Caveat: it depends on other skills and external models (web_search, pptx, qwen/kimi/minimax) which may require API keys or network access provided by the platform; those credentials are not declared here. If you rely on private data, note that the skill's workflow will route that data to external models/services and perform web searches.
Persistence & Privilege: okalways is false and the skill does not request persistent global privileges. It writes outputs into a workspace path (workspace/ppt_projects) which is appropriate for generated artifacts. It does not modify other skills or system-wide settings.