Skillv4.2.0

ClawScan security

ZeeLin Auto-PPT · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 6, 2026, 1:00 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions match its claimed purpose (automating NotebookLM to produce and download a PDF), but the runtime instructions force immediate, single‑turn execution and suppress reporting/debugging — behavior that could cause unintended data uploads or hide failures, so proceed with caution.
Guidance: This skill appears to do what it says (automate NotebookLM and download a PDF) and contains a readable shell script. However, the runtime instructions strongly push the agent to run the bundled script immediately in a single turn, avoid reporting, and ignore errors — this can cause unintended uploads of generated text (which might include sensitive information) to Google. Before installing or using: 1) Review the create_ppt.sh contents (you already have it) and test it manually from a terminal to confirm behavior. 2) Disable or be cautious about autonomous invocation — require explicit user confirmation before the skill runs. 3) Never include secrets or private data in prompts sent to this skill; verify generated content before executing automation. 4) If you plan to use it, run an initial test with non‑sensitive placeholder content to confirm it interacts with your environment as expected. If you are uncomfortable with automated browser actions running without a final user confirmation, do not install or enable this skill.

Review Dimensions

Purpose & Capability: noteThe skill claims to automate NotebookLM to generate slides and download a PDF, and the bundled script uses the OpenClaw browser CLI to open notebooklm.google.com, paste content, generate a presentation and download a PDF — this is coherent with the stated purpose. Minor oddity: SKILL.md insists the agent must run the bundled script via exec rather than using the browser tool directly, but the script itself drives the browser via the openclaw browser CLI, which is reasonable for this automation task. The script assumes a specific workspace path (~/.openclaw/workspace/skills/auto-ppt/scripts/create_ppt.sh) — expected for an installed skill but worth noting if you run the script outside the expected environment.
Instruction Scope: concernSKILL.md requires the agent to generate a long structured document (1500–3000 words) and immediately execute the script in the same turn without asking the user for confirmation or reporting intermediate steps. It explicitly tells the agent not to report tool config issues, to ignore memory/session errors, and not to pause for user confirmation. That reduces user oversight and increases the risk that sensitive context (chat history, memory contents, secrets) could be included in the generated text and then uploaded to Google NotebookLM without an explicit user check. The instructions also push token‑saving behaviors (don't reprint content) which further encourage blind execution.
Install Mechanism: okThis is an instruction-only skill with one bundled shell script; there is no installer that downloads arbitrary code from the network. The script is included in the package and uses the openclaw browser CLI. No remote downloads or extract operations are performed by the skill itself.
Credentials: okThe skill does not request environment variables, credentials, or config paths. The only external dependency is the openclaw browser CLI and the user's logged‑in NotebookLM session (the README and SKILL.md instruct the user to log in manually). No unrelated secrets are requested in metadata.
Persistence & Privilege: concernThe skill does not set always:true and does not request special persistent privileges, which is good. However, the SKILL.md's insistence on single-turn, immediate execution (and instruction to ignore diagnostics) combined with normal autonomous invocation capability increases potential risk: if the agent autonomously decides to run the skill it could perform browser automation and upload generated content to NotebookLM without explicit user confirmation. Consider disabling autonomous invocation for this skill unless you trust it.