Skillv0.1.0

ClawScan security

deep-research-ppt-pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 30, 2026, 5:04 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (generate validated research → PPT with Gemini images) is plausible, but there are multiple inconsistencies and missing declarations (notably required API keys and reference docs) and scripts that perform system installs and write to hardcoded system paths — you should review/confirm these before installing or running it.
Guidance: Do not run this skill unattended. Before installing or executing it: 1) Verify and obtain the missing reference files (references/zeelin_api.md and prompt_design.md) so you know exactly what API calls will be made. 2) Confirm you trust the external services (ZeeLin/DeSearch and Google Gemini) and are willing to provide their API keys; only store keys in a secure secrets mechanism, not plaintext .env files. 3) Inspect the two Python scripts (generate_and_assemble.py and report_to_ppt_outline.py) fully for any hidden network endpoints or unexpected behavior (they attempt to install packages and write to /home/ubuntu and /tmp). 4) Run the code in an isolated environment (container or VM) with limited privileges to avoid accidental system changes; avoid giving sudo unless you understand and accept the installs. 5) Ask the publisher to update the registry metadata to declare required env vars and to remove or parameterize hardcoded system paths. If you cannot verify the missing reference docs or the publisher's identity, treat the skill as untrusted.

Review Dimensions

Purpose & Capability: concernThe SKILL.md and code clearly require two API keys (DESEARCH_API_KEY for ZeeLin/DeSearch and GEMINI_API_KEY for Google Gemini) and call external services (ZeeLin, Gemini) — that aligns with the described purpose. However the registry metadata lists no required env vars or primary credential, which is inconsistent. SKILL.md also references additional reference files (e.g., references/zeelin_api.md, references/prompt_design.md) that are not present in the published file manifest. There is a hardcoded OUTPUT_DIR (/home/ubuntu/ppt_output) and other hardcoded paths which are disproportionate to a simple instruction-only skill and may cause surprises.
Instruction Scope: concernThe runtime instructions require calling external APIs, performing .gov-only web searches, extracting data from a generated Markdown report, and re-generating images until OCR matches expected text. They also instruct installation of system packages (sudo apt-get / pip3) and require environment variables. The SKILL.md tells the agent to delete any unverified data statements — that’s a strong automated action. The instructions reference missing docs required for correct API usage. The skill will run network operations and may perform repeated external requests (Gemini, search), so scope is broad and requires explicit consent and secure credential handling.
Install Mechanism: noteThere is no formal install spec (instruction-only at registry level), but the package includes runnable Python scripts. The scripts and README instruct running pip installs and apt-get to install tesseract and python packages; generate_and_assemble.py also can call sudo apt-get at runtime. That means running the skill will attempt to install software and write files on the host. There is no remote download-from-unknown-URL in the manifest, but the scripts expect to install third-party Python packages (google-genai, pillow, pytesseract, python-Levenshtein, requests) which will pull code from PyPI.
Credentials: concernSKILL.md mandates DESEARCH_API_KEY and GEMINI_API_KEY environment variables, but the registry 'required env vars' list is empty and 'primary credential' is none — a clear mismatch. The scripts rely on GEMINI_API_KEY at runtime and the workflow expects credentials for an external proprietary search API. Requiring two non-local API keys is reasonable for the claimed functionality, but the fact they are not declared in the registry metadata (and that the skill references additional missing reference docs for how to use DeSearch) is a red flag. The skill also instructs use of sudo to install packages (requiring elevated privileges).
Persistence & Privilege: noteThe skill does not request 'always: true' and does not claim to modify other skills. However its scripts write logs to /tmp and output to a hardcoded /home/ubuntu/ppt_output directory and may run package installs via sudo. That gives the code filesystem write and package-install privileges on the host when executed. Autonomous invocation is allowed by default but not by itself a disqualifier — combined with absent credential declarations and system-level install instructions, it increases the need for cautious review before enabling.