ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GoAI PPT Gen

v1.0.1

Generate PowerPoint presentations via GoAI API. Use when the user asks to create, generate, make, or build PPT, slides, presentations, including Chinese requ...

0· 49·0 current·0 all-time
by@goai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, required env (GOAI_API_KEY), required binary (uv), default base URL (https://ppt.mustgoai.com), and the included Python code all align with a PPT-generation client for the GoAI API. The primary credential and endpoints are consistent with the homepage and the declared purpose.
Instruction Scope
SKILL.md and the code instruct the agent to pass the user's PPT prompt through as-is, use uv to run the included Python entrypoint, upload user-supplied local reference images (by design), poll backend tasks, and always print both absolute local file path and public URL. The requirement to print an absolute local path is a privacy detail to be aware of (it will reveal local filesystem paths in the agent output), but it is coherent with delivering a downloadable artifact.
Install Mechanism
No install spec is provided; the skill relies on the user having uv available. The bootstrap uses uv to create a local environment and install httpx and Python as needed, which is expected for a packaged Python project (pyproject.toml lists only httpx). There are no downloads from unusual hosts in the source files and no arbitrary remote install URLs declared.
Credentials
Only GOAI_API_KEY (and optional override GOAI_BASE_URL) is required; this is proportional to a service client. The code only accesses the API key and standard user-home path when composing an error message. No unrelated credentials or broad system secrets are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install-time actions that persist beyond its own project directory. Autonomous invocation is allowed but is the platform default; there are no extra persistence privileges requested.
Assessment
This skill appears to do what it says: it uses your GOAI_API_KEY and the GoAI PPT API to generate slides and will upload any local reference images you supply. Before installing or running it, consider: (1) you must install 'uv' (the skill will not attempt to change your system Python); (2) if you pass local file paths as references the files will be uploaded to the service (so do not pass sensitive local files); (3) the skill prints the absolute local path of the generated PPT in its output (this reveals filesystem paths in responses); and (4) the only required secret is GOAI_API_KEY — provide it only if you trust the mustgoai.com service. If you need higher assurance, review the full source (scripts/common.py and generate_ppt.py) and confirm the backend URL before providing your API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk977f665xgcdqreq7x2kmkf2r583s3ax

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
OSmacOS · Linux · Windows
Binsuv
EnvGOAI_API_KEY
Primary envGOAI_API_KEY

Comments