Back to skill

Security audit

手书 SVG 转 PPT

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform its stated SVG conversion task, but it uploads user SVG content and an API key to a third-party service with weak disclosure and risky credential handling.

Review before installing. Use this only for SVGs you are comfortable sending to handbooks.cn, avoid passing secrets directly on the command line where possible, and prefer an environment variable or prompt-based key flow until the skill documents the network destination and transmitted data clearly.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.