Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
aippt-skill
v3.0.6A skill to automatically generate and download PPT presentations using AIPPT APIs based on a provided topic.
⭐ 0· 263·0 current·0 all-time
bybooyakasha@huiyuan1234
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, SKILL.md and scripts all describe an AiPPT integration and the required tools (curl, python3, openssl) and API keys — this is coherent. However the registry metadata supplied with the skill (top-level 'Requirements' in the prompt) said no required env vars, while skill.json and SKILL.md both declare AIPPT_APP_KEY / AIPPT_SECRET_KEY (and optional AIPPT_UID). That metadata mismatch is confusing and should be resolved before install.
Instruction Scope
SKILL.md instructs the agent to call scripts/aippt.sh with absolute file paths and to upload/process user files. The included script will read any file path provided and upload it to the remote service. The script uses eval in api_get/api_post and other places, and directly interpolates user-supplied arguments into curl commands — this pattern raises command-injection risk if untrusted input reaches those calls. The script also sources a local .env and writes .token_cache.json in the skill directory, so credentials/cached tokens may be stored on disk. Although SKILL.md instructs to ask users before processing uploads, the code will perform uploads if given paths, so accidental exfiltration is possible if flows are not enforced.
Install Mechanism
This is an instruction-only skill with an included shell script; there is no installer that downloads arbitrary code from external URLs or writes unexpected system-wide binaries. No install-time downloads or extracts were specified.
Credentials
The required environment variables (AIPPT_APP_KEY, AIPPT_SECRET_KEY, optional AIPPT_UID) are appropriate for calling the AiPPT API. Caveats: the runtime script will also source a local .env (if present) and will write a .token_cache.json file in the skill directory, so secrets or tokens may be persisted to disk. Also the registry metadata presented earlier contradicted the actual declared env requirements — confirm which is authoritative before providing keys.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It creates a token cache file (.token_cache.json) and may read an .env in its own skill directory, but it does not modify other skills or global agent configuration.
What to consider before installing
Before installing: 1) Confirm the env-var mismatch — skill.json and SKILL.md require AIPPT_APP_KEY and AIPPT_SECRET_KEY; the registry header in the prompt incorrectly showed none. Provide keys only if you trust the AiPPT provider and this skill. 2) Review the script (scripts/aippt.sh) yourself: it uses eval with curl and interpolates arguments, which can allow command injection if untrusted inputs are passed. Ensure the agent/user never supplies unvalidated shell-unsafe strings. 3) The skill accepts absolute file paths and will upload any file you point it to — do not allow it to read sensitive system files (e.g., /etc/*, SSH keys, etc.). Confirm the skill asks the user before processing uploads (SKILL.md requires that), and do not grant it autonomous access to files. 4) Note the script will source .env (if present) and write .token_cache.json in the skill folder — remove or protect those files if you are concerned about stored secrets/tokens. 5) If you decide to proceed, run this skill in a restricted/sandboxed environment (or with least-privilege credentials), monitor network activity to co.aippt.cn, and consider rotating the API keys after testing. If you are not comfortable with these risks (eval usage, file-path uploads, persisted token file), avoid installing or request the publisher to remove eval usage and add explicit input sanitization and safer subprocess invocation.Like a lobster shell, security has layers — review code before you run it.
latestvk97d8krr1dgpxh1zsy9bzab7g983gegypptvk97d8krr1dgpxh1zsy9bzab7g983gegy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.