ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Slides

v1.0.0

Create, edit, and automate presentations with programmatic tools, visual consistency, and project-based learning of user style preferences.

0· 916·8 current·9 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: tools, templates, and local storage under ~/slides/ are appropriate for a 'Slides' skill. However, the skill documents use of networked services (Google Slides API) and CLI installs (npm/marp, decktape) while declaring no required credentials or install steps; that mismatch (optional networked features not surfaced in metadata) should be clarified.
!
Instruction Scope
SKILL.md explicitly instructs the agent to create and read/write files under ~/slides/ (expected), and to honor a 'never make network requests without user action' rule. But the included tooling docs demonstrate network operations (Google Slides API authentication requiring a creds.json, npm installs, Playwright/decktape usage). The guidance is mostly scoped, but these contradictions (tools that require network and credentials vs. the 'never network' statement) are concerning because the skill gives the agent discretion over tool selection and storing credentials locally.
Install Mechanism
There is no install spec (instruction-only), which reduces installer risk. However the documentation contains explicit install/CLI commands (npm install -g @marp-team/marp-cli, npx slidev, decktape, Playwright) that would cause network downloads if followed; these are not enforced or declared in metadata. Because nothing is written by a registry install, the practical install risk depends on what the agent or user actually runs.
Credentials
Metadata declares no required env vars or credentials, yet tools.md shows Google Slides authentication via a service account JSON file (creds.json) and other commands that may use local files or tokens. Requesting no credentials in metadata is reasonable if cloud integrations are optional, but users should be aware the skill expects/encourages storing project data and possibly auth files under ~/slides/ (local filesystem access).
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. It stores state under the user's home directory (~/slides/) which is consistent with its purpose. There is no evidence it attempts to modify other skills or system-wide config.
Scan Findings in Context
[unicode-control-chars] unexpected: The scanner found unicode control characters in SKILL.md. These characters are often used in prompt-injection attacks to hide or alter instructions for models. That pattern is not expected for a straightforward slides/template skill and should be inspected manually (render files in a hex or text editor to reveal hidden characters).
What to consider before installing
Plain-language checklist before installing or running this skill: - It's largely an instruction-only helper that expects to read/write files under ~/slides/. Back up any existing ~/slides/ data before use. - The skill documents using Google Slides, Marp, Slidev, decktape, Playwright, and npm installs. Those features require network access and, for Google Slides, credentials (service account JSON or OAuth). The skill metadata declares no credentials — assume cloud integrations are optional and will require you to supply credentials explicitly. - The scanner flagged unicode control characters in SKILL.md. This can be used to hide model-manipulating text. Inspect the SKILL.md and other files in a plain/hex viewer for non-printing characters before trusting the instructions. If you are not comfortable reading hidden characters, do not enable autonomous invocation. - If you will use Google Slides integration: never upload your personal service-account file or other secrets to third-party services. Prefer to run the Google-Slides steps locally and supply credentials only when you explicitly choose to. - Because the agent has discretion to pick tools, restrict automated/autonomous execution unless you trust it (run manually the first time). Consider running the skill in a sandbox environment or with a dedicated low-privilege user account. What would change this assessment: explicit metadata clarifying how cloud auth is handled (which env vars or file paths are required), removal/explanation of the unicode-control characters, or a minimal install spec that documents exactly what will be downloaded and executed. If the author supplies that information, confidence could be raised to 'high' and the status could move to 'benign'.

Like a lobster shell, security has layers — review code before you run it.

latestvk97512zz7v84ebyht7bh7treh981behr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
OSLinux · macOS · Windows

Comments