Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skywork PPT

Use this skill when the user wants to: (1) generate a PPT from a topic — trigger on '/ppt_write', 'generate a PPT', 'create a presentation about X', 'help me...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Skywork AI @gxcun17
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The name and description (generate/imitate/edit PPT) are consistent with the code and workflows. However, the skill metadata declares no required environment variables or credentials while the scripts clearly require authentication (SKYBOT_TOKEN env var is checked, and an interactive login flow is implemented). The skill also depends on remote Skywork APIs (upload, parse, gateway) which is coherent for cloud-backed generation, but the metadata omission is an incoherence that could confuse users about data leaving their machine.
! Instruction Scope
SKILL.md explicitly instructs uploading user-provided local files to remote Skywork endpoints (parse/upload), running a login flow (possibly opening a browser or returning a login URL), and streaming background jobs by repeatedly reading /tmp log files and checking PIDs. Uploading local content to external services and saving verbatim user queries to a backend are core behaviors here — appropriate for the described cloud features, but these are non-trivial privacy/IO actions that are not declared in the registry metadata and should be highlighted to users.
Install Mechanism
This is an instruction-only skill with shipped Python scripts and no packaged install spec. It requires Python 3.8+ and installs python-pptx via pip (the SKILL.md provides an explicit environment check and install command). There are no downloads from obscure URLs or archive extraction steps in the install instructions, so install risk is low.
! Credentials
Although registry metadata lists no required env vars, the code expects an auth token via SKYBOT_TOKEN and will create/use a token file at ~/.skywork_token. It also reads/uses SKYWORK_* URL overrides. Persisting a token to a global location shared by other skills and relying on an environment token that is not declared are disproportionate to the metadata and important for users to know before installing.
! Persistence & Privilege
The skill persists authentication state to ~/.skywork_token (JSON) and may spawn a browser for interactive login. It writes progress logs to /tmp and instructs the agent to read them repeatedly. The skill does not set always: true, but its persistent token file in the user's home is a cross-skill/global side effect that affects long-term privileges and privacy.
What to consider before installing
This skill implements a cloud-backed PPT generator and editor that will upload any reference files you provide to Skywork endpoints and requires authentication. The metadata says no credentials are needed, but the scripts will: (1) check SKYBOT_TOKEN if present; (2) open a browser or print a login URL and poll the Skywork API; (3) save the obtained token in ~/.skywork_token (plain JSON), a global location shared by other tools; and (4) upload/parse files to https://api-tools.skywork.ai / https://api.skywork.ai. Before installing, consider: use the local-only features (Layer 3) if you do not want files sent off-host; do not supply sensitive documents unless you trust Skywork; prefer a disposable/limited account if you must authenticate; inspect or sandbox the skill runtime to control where logs and token files are written; and ask the publisher for an explicit privacy/data-retention policy and for the reason why registry metadata omits the required auth/environment variables. If you want me to, I can: (a) extract the exact lines that write/read ~/.skywork_token and upload files; (b) suggest a minimized workflow that keeps everything local; or (c) draft questions to ask the skill author about data handling.
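
One way to check the metadata gap described above before installing: statically list the environment variables and home-directory paths a skill's Python scripts reference and compare them with what the registry metadata declares. This is an added example, not code from the skill or from ClawHub; the sample script is constructed, and SKYWORK_EXAMPLE_URL is a made-up stand-in for the SKYWORK_* overrides the scan mentions.

```python
import ast

# Constructed sample standing in for one skill script; NOT the skill's real code.
# SKYWORK_EXAMPLE_URL is a made-up name for one of the SKYWORK_* overrides.
SAMPLE_SCRIPT = '''
import os, json
TOKEN_FILE = os.path.expanduser("~/.skywork_token")
def get_token():
    tok = os.environ.get("SKYBOT_TOKEN")
    if tok:
        return tok
    base = os.getenv("SKYWORK_EXAMPLE_URL", "")
    with open(TOKEN_FILE) as fh:
        return json.load(fh)
'''

def _str_lit(node):
    """Return the string value of a literal AST node, else None."""
    if node.__class__.__name__ == "Index":      # Python 3.8 wraps subscripts
        node = node.value
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None

def _is_environ(node):
    return isinstance(node, ast.Attribute) and node.attr == "environ"

def audit_source(source, declared_env=()):
    """Return (undeclared env vars, home-directory paths) referenced in source."""
    env, home_paths = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript) and _is_environ(node.value):
            name = _str_lit(node.slice)            # os.environ["NAME"]
            if name:
                env.add(name)
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            arg = _str_lit(node.args[0]) if node.args else None
            func = node.func
            if arg is None:
                continue
            if func.attr == "getenv" or (func.attr == "get" and _is_environ(func.value)):
                env.add(arg)                       # os.getenv / os.environ.get
            elif func.attr == "expanduser" and arg.startswith("~"):
                home_paths.add(arg)                # file under the user's home
    return sorted(env - set(declared_env)), sorted(home_paths)

if __name__ == "__main__":
    undeclared, paths = audit_source(SAMPLE_SCRIPT, declared_env=())
    print("undeclared env vars:", undeclared)
    print("home-directory paths:", paths)
```

Only literal names are detected; variables built at runtime or read through wrappers need manual review of the scripts.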

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.0

SKILL.md

PPT Write Skill

Four capabilities: generate, template imitation, edit existing PPT, and local file operations.


Authentication (Required First)

Before using this skill, authentication must be completed. Run the auth script first:

# Authenticate: checks env token / cached token / browser login
python3 <skill-dir>/scripts/skywork_auth.py || exit 1

Token priority:

  1. Environment variable SKYBOT_TOKEN → if set, use directly
  2. Cached token file ~/.skywork_token → validate via API, if valid, use it
  3. No valid token → opens browser for login, polls until complete, saves token

IMPORTANT - Login URL handling: If script output contains a line starting with [LOGIN_URL], you MUST immediately send that URL to the user in a clickable message (e.g. "Please open this link to log in: <url>"). The user may be in an environment where the browser cannot open automatically, so always surface the login URL.


Routing — Identify the user's intent first

User intent | Which path
Generate a new PPT from a topic, set of requirements or reference files | Layer 1 — Generate
Use an existing .pptx as a layout/style template to create a new presentation | Layer 2 — Imitate
Edit an existing PPT: modify slides, add slides, change style, split/merge | Layer 4 — Edit
Delete / reorder / extract / merge slides in a local file (no backend) | Layer 3 — Local ops

Environment check (always run this first)

This skill requires Python 3 (>=3.8). Run the following before any script to locate a valid Python binary and install dependencies.

PYTHON_CMD=""
for cmd in python3 python python3.13 python3.12 python3.11 python3.10 python3.9 python3.8; do
  if command -v "$cmd" &>/dev/null && "$cmd" -c "import sys; exit(0 if sys.version_info >= (3,8) else 1)" 2>/dev/null; then
    PYTHON_CMD="$cmd"
    break
  fi
done

if [ -z "$PYTHON_CMD" ]; then
  echo "ERROR: Python 3.8+ not found."
  echo "Install on macOS: brew install python3  or visit https://www.python.org/downloads/"
  exit 1
fi

echo "Found Python: $PYTHON_CMD ($($PYTHON_CMD --version))"

$PYTHON_CMD -m pip install -q --break-system-packages python-pptx
echo "Dependencies ready."

After this check, replace python with the discovered $PYTHON_CMD (e.g. python3) in all subsequent commands.


Layer 1 — Generate PPT

Steps

  1. REQUIRED FIRST STEP — Read workflow_generate.md NOW, before taking any other action. After reading, output exactly: ✅ workflow_generate.md loaded. — then proceed.
  2. Environment check — run the check above to get $PYTHON_CMD.
  3. Upload reference files (if the user provides local files as content source) — parse the file using the tool in script/parse_file.py and pass the result to --files. See the --files note below.
  4. Web search (required if no relevant content is already in the conversation) — call the web_search tool in script to search the topic and distill the results into a reference file of ≤ 2000 words.
  5. Run the script:

    Important: set exec tool yieldMs to 600000 (10 minutes).

  6. Deliver — provide the absolute .pptx path and the download URL.

Layer 2 — Imitate PPT (template-based generation)

Steps

  1. REQUIRED FIRST STEP - Read workflow_imitate.md immediately, before taking any other action!!!
  2. Environment check — run the check above to get $PYTHON_CMD.
  3. Locate the template — extract the absolute path of the local .pptx from the user's message; ask the user if it's unclear.
  4. Upload the template — upload it and extract TEMPLATE_URL from the output.
  5. Upload reference files (if the user provides additional local files as content source) — parse the file using the tool in script/parse_file.py and pass the result to --files. See the --files
  6. Web search (required if no relevant content is already in the conversation) — call the web_search tool in script to search the new topic and distill the results into a reference file of ≤ 2000 words.
  7. Run the script:

    Important: set exec tool yieldMs to 600000 (10 minutes).

  8. Deliver — provide the absolute .pptx path, the download URL, and the template filename used.

Layer 4 — Edit PPT (AI-powered modification)

Use this layer when the user wants to modify an existing PPT using natural language. Requires an OSS/CDN URL of the PPTX (from a previous generation or upload).

Steps

  1. Detailed workflow - Read workflow_edit.md immediately, before taking any other action!!!
  2. Environment check — run the check above to get $PYTHON_CMD.
  3. Get PPTX URL — from the user's message or upload a local file first.
  4. Run the script with --pptx-url:
    $PYTHON_CMD scripts/run_ppt_write.py "edit instruction" \
      --language Chinese \
      --pptx-url "https://cdn.example.com/file.pptx" \
      -o /absolute/path/output.pptx
    

    Important: set exec tool yieldMs to 600000 (10 minutes).

  5. Deliver — provide download link, local path, and summary of changes.

Layer 3 — Local file operations

# Inspect slide count and titles
$PYTHON_CMD scripts/local_pptx_ops.py info --file my.pptx

# Delete slides (1-based index; supports ranges like 3,5,7-9; omit -o to overwrite in place)
$PYTHON_CMD scripts/local_pptx_ops.py delete --file my.pptx --slides 3,5,7-9 -o trimmed.pptx

# Reorder slides (must list every slide, no omissions)
$PYTHON_CMD scripts/local_pptx_ops.py reorder --file my.pptx --order 2,1,4,3,5

# Extract a subset of slides into a new file
$PYTHON_CMD scripts/local_pptx_ops.py extract --file my.pptx --slides 1-3 -o subset.pptx

# Merge multiple files
$PYTHON_CMD scripts/local_pptx_ops.py merge --files a.pptx b.pptx -o merged.pptx

Read workflow_local.md immediately, before taking any other action!!!


Error Handling

  • Insufficient benefit: When calling scripts (generate, imitate, or edit), the script or log may show a message like Insufficient benefit. Please upgrade your account at {url}, meaning the user's benefit level does not meet the requirement for this skill.

How to reply when benefit is insufficient

When you detect the above, reply in the user's current language — do not echo the English message. Use this pattern:

  • Convey: "Sorry, PPT generation failed. This skill requires upgrading your Skywork membership to use." then a single call-to-action link.
  • Format: One short sentence in the user's language + a link like [Upgrade now →](url) or the equivalent in their language.
  • URL: Extract the upgrade URL from the log/script output (e.g. the at https://... part).

Dependencies

  • Python 3.8+ (required) — python3 / python must be on PATH
  • Layer 3 local ops: pip install python-pptx --break-system-packages

(The environment check step installs all required dependencies automatically.)


Which layer to trigger?

Scenario | Use
Generate a PPT from a topic or existing reference files | Layer 1
Imitate the layout/style of an existing .pptx | Layer 2
Edit/modify an existing PPT via natural language | Layer 4
Delete / reorder / extract / merge local .pptx files (no backend) | Layer 3
