Security audit
手书 SVG 转 PPT
Security checks across malware telemetry and agentic risk
Overview
The skill appears to perform its stated SVG conversion task, but it uploads user SVG content and an API key to a third-party service with weak disclosure and risky credential handling.
Review before installing. Use this only for SVGs you are comfortable sending to handbooks.cn, avoid passing secrets directly on the command line where possible, and prefer an environment variable or prompt-based key flow until the skill documents the network destination and transmitted data clearly.
VirusTotal
VirusTotal findings are pending for this skill version.
Static analysis
No suspicious patterns detected.
