Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
officecli-pptx
v1.0.2
Use this skill any time a .pptx file is involved -- as input, output, or both. This includes: creating slide decks, pitch decks, or presentations; reading, p...
⭐ 0 · 87 · 0 current · 0 all-time
by 瓦砾 (@iceyliu)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (pptx/slide handling) aligns with the SKILL.md contents: every command shown (view, get, set, add, remove, query, render) operates on .pptx files and local paths, and the included creating.md and editing.md are coherent with the stated purpose.
Instruction Scope
SKILL.md explicitly instructs running shell commands that fetch and execute a remote install script (curl https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh && bash ...). That step executes arbitrary code from a remote repo at runtime. Aside from installation, the instructions operate on local files (read/modify .pptx, replace images, preview HTML), which is expected, but the installer/upgrade steps expand scope to full network-downloaded code execution.
Install Mechanism
Although the registry has no install spec, the runtime instructions implement an install/upgrade path by curling and executing a script from raw.githubusercontent.com. Fetch-and-execute of a remote installer is a high-risk install mechanism (supply-chain risk). Using GitHub raw is better than an unknown IP, but the script contents and their side effects are not included in the skill bundle and are therefore opaque.
Credentials
The skill does not declare or require any environment variables, credentials, or config paths. The commands shown do not request unrelated secrets. However, network access is required at runtime (to GitHub API and raw.githubusercontent.com), which is not declared in registry metadata — this is operational but not a credentials mismatch.
Persistence & Privilege
always:false and normal autonomous invocation apply. The SKILL.md will install a local binary (officecli) when absent, creating a persistent program on the host; this is expected for a CLI-driven skill but increases the attack surface because the skill-guided installer executes arbitrary remote code.
What to consider before installing
This skill's behavior matches its description, but its runtime instructions tell you to download and run an installer script from raw.githubusercontent.com and to auto-upgrade via the GitHub API. That is the primary risk: executing a remote install script can run arbitrary code on your machine. Before installing or allowing the agent to run this skill, consider:
- Inspect the installer: open https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh (and the repo) and review the script and release artifacts for malicious or unexpected behavior. Do not run it blind.
- Prefer manual / vetted install: if you trust the tool, download a release from an authenticated source and verify checksums/signatures; or install officecli yourself in a sandboxed environment and deny the skill permission to auto-install.
- Minimize autonomy: if the agent can run shell commands automatically, restrict that capability or require explicit approval before executing installs.
- Test in isolation: run the installer in a VM/container to observe what files, services, or network connections it creates.
- If you cannot verify the upstream project (iOfficeAI/OfficeCli) or its installer, decline to install and use an alternative tool you trust.
In short: the skill itself is coherent for editing .pptx files, but the in-band install/upgrade instruction that fetches and executes a remote script is the reason to proceed cautiously.
