Skill v0.1.2

ClawScan security

ZeeLin Auto-PPT · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 4:01 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what it says (automates NotebookLM and assembles PDFs) but includes broad local-file operations (merging all Desktop PDFs), hardcoded paths, and a single-round / exec-first workflow that reduce user oversight — these inconsistencies merit caution before running it.
Guidance
This skill is functionally coherent but contains several risky or surprising behaviors. Before installing or running it:
- Inspect the included scripts locally and open them yourself (create_ppt.sh, merge_pdf_on_desktop.sh, postprocess_ppt_outputs.py).
- Do NOT run recommended commands that use --all-desktop or call merge without explicit file lists; edit the commands to pass only the PDFs you produced.
- Fix hardcoded paths (replace /Users/youke/... with $HOME or relative paths) so the skill doesn't fail or read the wrong files.
- Prefer interactive/supervised runs: do not allow fully autonomous single-round execution; require the agent to ask for confirmation before running scripts that operate on your Desktop or your logged-in NotebookLM session.
- Test on a disposable account or in a folder with non-sensitive PDFs first to confirm behavior.
- Be aware the skill will use your logged-in NotebookLM browser session (it can interact with whatever is open in that session). If that session has sensitive data, avoid running the skill until you log out or use a separate profile.
If you want help reworking the scripts (e.g., remove the --all-desktop default, replace hardcoded paths, add safeties/prompts), share which parts you'd like changed and I can suggest specific edits.
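The guidance above amounts to three concrete changes to the merge step: take an explicit file list instead of an --all-desktop glob, derive the output directory from $DESKTOP/$HOME instead of /Users/youke/..., and show the user exactly what will be merged before anything runs. The block below is an added example of that front end, written for this review and not taken from the skill's scripts; the function names (resolve_root, select_pdfs, confirm), the PDF-header plausibility check, and the temporary "Desktop" fixture are all assumptions constructed here, and the actual merge (any PDF library) is left out because only the selection and guard logic is the point.

```python
"""Explicit, validated PDF selection for a merge step.

Added example, not the skill's own code: the shape a hardened front end for
merge_pdf_on_desktop.sh / postprocess_ppt_outputs.py could take instead of an
--all-desktop glob. Only the selection and guard logic is shown; the merge
itself would run on the list select_pdfs() returns.
"""
from __future__ import annotations

import os
import sys
import tempfile
from pathlib import Path
from typing import Callable

PDF_MAGIC = b"%PDF-"  # plausibility check only, not a full PDF parse


class UnsafeMergeInput(ValueError):
    """Raised when an input would widen the merge beyond named outputs."""


def resolve_root(root: str | None = None) -> Path:
    """Output directory from $DESKTOP or $HOME, never a hard-coded /Users/<name>."""
    base = Path(root) if root else Path(os.environ.get("DESKTOP") or Path.home() / "Desktop")
    return base.expanduser().resolve()


def select_pdfs(paths: list[str], root: Path) -> list[Path]:
    """Return only explicitly named, existing PDFs that live under root.

    Rejects an empty list (the --all-desktop trap), flag-like or wildcard
    arguments, paths that escape root via .. or symlinks, non-.pdf names,
    and files whose first bytes are not a PDF header.
    """
    if not paths:
        raise UnsafeMergeInput("no file list given; refusing to merge everything")
    selected: list[Path] = []
    for raw in paths:
        if raw.startswith("-") or any(ch in raw for ch in "*?["):
            raise UnsafeMergeInput(f"flag-like or wildcard argument: {raw!r}")
        p = Path(raw).expanduser()
        if not p.is_absolute():
            p = root / p
        p = p.resolve()  # collapses .. and follows symlinks before the root check
        if root not in p.parents:
            raise UnsafeMergeInput(f"{raw!r} resolves outside {root}")
        if p.suffix.lower() != ".pdf" or not p.is_file():
            raise UnsafeMergeInput(f"{raw!r} is not an existing .pdf file")
        with p.open("rb") as fh:
            if fh.read(len(PDF_MAGIC)) != PDF_MAGIC:
                raise UnsafeMergeInput(f"{raw!r} lacks a PDF header")
        selected.append(p)
    return selected


def rejects(paths: list[str], root: Path) -> bool:
    """True if select_pdfs refuses the given inputs."""
    try:
        select_pdfs(paths, root)
    except UnsafeMergeInput:
        return True
    return False


def confirm(selected: list[Path], ask: Callable[[str], str] = input) -> bool:
    """Show exactly what will be merged and require an explicit 'y'."""
    listing = "\n".join(f"  {p}" for p in selected)
    answer = ask(f"Merge these {len(selected)} file(s)?\n{listing}\n[y/N] ")
    return answer.strip().lower() == "y"


def build_fixture() -> Path:
    """Constructed layout for the demo (not real user data): a Desktop holding one
    genuine output PDF and one mislabelled file, plus an unrelated PDF next door."""
    base = Path(tempfile.mkdtemp(prefix="autoppt-demo-"))
    desk = base / "Desktop"
    desk.mkdir()
    (desk / "deck.pdf").write_bytes(b"%PDF-1.4\n%stub deck\n")
    (desk / "notes.pdf").write_bytes(b"not really a pdf\n")
    docs = base / "Documents"
    docs.mkdir()
    (docs / "tax-return.pdf").write_bytes(b"%PDF-1.4\n%unrelated\n")
    return desk


def main(argv: list[str]) -> int:
    # Usage: script.py <output-dir> <file.pdf> [more.pdf ...]
    # With no arguments it runs against the constructed fixture and auto-confirms.
    demo = not argv
    root = resolve_root(str(build_fixture()) if demo else argv[0])
    wanted = ["deck.pdf"] if demo else argv[1:]
    ask: Callable[[str], str] = (lambda _prompt: "y") if demo else input
    try:
        chosen = select_pdfs(wanted, root)
    except UnsafeMergeInput as exc:
        print(f"refused: {exc}", file=sys.stderr)
        return 2
    if not confirm(chosen, ask=ask):
        return 1
    print("would merge:", *(p.name for p in chosen))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The root check runs after resolve() so that `../Documents/tax-return.pdf`, or a symlink dropped on the Desktop, cannot pull an unrelated file into the merge; the header check catches a non-PDF that merely carries a .pdf name. Neither replaces reading the skill's scripts yourself, which the guidance still asks for first.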
Findings
[exec-shell-scripts] expected: The skill intends to automate browser UI and local PDF processing via shell scripts; use of exec to run those scripts is expected for this purpose. Still, exec runs should be used with care because they access local files and the browser session.
[desktop-file-access-merge] unexpected: Scripts and SKILL.md recommend merging all PDFs on the user's Desktop (merge_pdf_on_desktop.sh and postprocess_ppt_outputs.py --all-desktop). Merging indiscriminately across Desktop is broader than needed to merge only generated outputs and could include sensitive files.
[hardcoded-user-paths] unexpected: SKILL.md and references use an absolute path with a specific username (/Users/youke/...). This is fragile and inconsistent with a generic skill; it may cause misbehavior or make the skill read unexpected files if adapted.
[browser-automation-evaluate-click-type] expected: Scripts use the OpenClaw browser CLI to snapshot, evaluate DOM, click, and type — expected for automating NotebookLM UI. This requires the user's logged-in web session and grants the script ability to interact with any open web app in that session.

Review Dimensions

Purpose & Capability
note: The name/description (generate PPT via NotebookLM and export PDF) matches the included scripts: create_ppt.sh drives NotebookLM via an OpenClaw browser CLI, and the postprocess/merge scripts handle PDF merge and PPTX export. However, there are mismatches: SKILL.md and reference paths use an absolute path with a hardcoded username (/Users/youke/...), which will not exist for most users; the postprocess recommendations encourage --all-desktop behavior (merging every PDF on the Desktop), which is broader than the stated 'merge generated PDFs' purpose.
Instruction Scope
concern: Runtime instructions explicitly tell the agent to run shell scripts via exec and to execute the entire workflow in one uninterrupted round. The scripts automate a logged-in NotebookLM browser session, search YouTube, insert website sources, type/paste content, snapshot DOM, and write outputs to ~/Desktop. They also recommend commands that merge all PDFs on the Desktop and run heuristic de-duplication across those files. These actions reach into arbitrary local data (Desktop PDFs) and the user's NotebookLM session; they go beyond simply 'generate a PPT' and reduce user control/visibility during execution.
Install Mechanism
ok: No install spec or remote downloads; the skill is instruction/code-only and bundles its scripts. That keeps install risk low (nothing is fetched from arbitrary URLs). The included scripts will be present on disk as part of the skill; there is no installer that pulls remote code.
Credentials
concern: The skill declares no required env vars, but both SKILL.md and the scripts rely on environment variables at runtime (AUTO_PPT_*, OPENCLAW_CLI, TMPDIR, HOME, DESKTOP). This is reasonable for configuring behavior, but the scripts access and operate on broad local resources (the user's Desktop and any PDFs there) and reference a hardcoded path under /Users/youke/..., which is disproportionate and fragile. The postprocess script's --all-desktop option will include all Desktop PDFs, potentially exposing unrelated/sensitive documents to automated processing.
Persistence & Privilege
concern: always:false and no automatic installation of persistent agents, which is good. But SKILL.md pushes for one-shot autonomous execution (single round, run scripts immediately, do not pause for user confirmation). Combined with exec-based script runs that manipulate the browser and local files, that lowers user oversight and increases the blast radius if run autonomously. The skill does not modify other skills or system configs.