Skill v1.0.4

ClawScan security

chatppt-agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 24, 2026, 9:33 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions generally match a CLI-based PPT generator, but there are several mismatches and privacy/installation risks (undeclared binary requirement, npm global install of an unverified package, and implicit access to local config/tokens) that you should review before installing or running it.
Guidance
Before installing or running this skill:
(1) treat the SKILL.md instruction to run `npm install -g @yooai/cli` as pulling and executing remote code — only proceed if you trust the package and its publisher;
(2) inspect the package (npm page or GitHub repo) and prefer to run it in a sandbox or container rather than installing globally;
(3) be aware the CLI will prompt for login and stores tokens in $HOME/.chatppt/config.yaml — running commands like `config show` or `ppt import_file` can expose local config and upload local files to the service;
(4) if you need stronger guarantees, ask the skill author for the package repository/homepage, cryptographic release artifacts, or a vetted install mechanism;
(5) if you must use it, avoid running it on machines with sensitive credentials or files, do not grant it access to system-wide secrets, and prefer manual invocation over letting an autonomous agent run install/auth commands on your behalf.

Review Dimensions

Purpose & Capability
concern
The skill claims no required binaries or credentials in registry metadata, but the SKILL.md explicitly requires the 'chatppt' CLI (installed via `npm install -g @yooai/cli`). Requiring a global CLI is coherent with the described purpose, but the registry metadata omits that requirement — an inconsistency users should be aware of.
Instruction Scope
concern
Instructions tell the agent to run commands that affect authentication, show config, import local files (e.g., `ppt import_file "/path/to/file"`), and display configuration/preview images. Those actions can expose local files and config (tokens) and will upload user-specified files to the remote service — which is coherent with the feature but not declared in metadata and has privacy implications.
Install Mechanism
concern
There is no install spec in the registry, but SKILL.md instructs installing an npm package globally (`npm install -g @yooai/cli`). That is an ad-hoc, user-run install of remote code (unverified publisher). Because the package source/repo/homepage is not provided, this raises supply-chain and trust concerns.
Credentials
concern
The registry lists no required env vars or credentials, yet the CLI uses a config file at $HOME/.chatppt/config.yaml and authentication flows (auth login/refresh). Running `config show` or auth commands may surface tokens/credentials. The skill does not declare these access expectations, which is disproportionate to the metadata and increases the chance of secrets exposure.
Persistence & Privilege
ok
The skill is not always-enabled and does not request elevated/persistent privileges in the registry metadata. It is user-invocable and allows autonomous invocation (platform default) but does not request unusual persistent presence or modification of other skills.