Skill v1.0.7

ClawScan security

Report Ppt Generator Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 8, 2026, 12:02 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill generally matches a PPT-generation purpose, but its runtime instructions reference undeclared environment/config variables and remote-model/image APIs (and an external skill script) that could cause user images and text to be sent to third-party services — the behaviour is explainable but not fully specified.
Guidance
This skill appears to do what it says (generate PPTs), but there are a few things to consider before installing or running it:

- Data sent to remote models: The style-extraction step uses a configured image-capable LLM (sessions_spawn) and the optional AI-illustration flow calls a nanobanana/Gemini pipeline. Any screenshots, images, or text you provide for style analysis or illustration will be transmitted to whichever external model/API you configure. Avoid uploading sensitive screenshots or proprietary images unless you accept that exposure.
- Undeclared environment variables: SKILL.md examples reference CLAUDE_PLUGIN_ROOT and GEMINI_API_KEY (and a user default model), but the skill metadata does not declare these requirements. If you enable the AI-illustration option, you must ensure those variables and the referenced nanobanana skill are present and trustworthy.
- Local file access: The conversion script will read images and HTML you point it at and will write files (default ~/clawd/output/). Don't point the tool at system directories you don't want read or included in outputs.
- Executing external scripts: The AI-illustration example runs a Python script inside another skill path; that means third-party code will execute on your system if you follow that path. Only enable that optional feature if you trust the nanobanana-skill and its configuration.
- Review the shipped Node script: html-to-pptx.js performs HTML parsing, downloads remote images (for URLs), and creates PPTX files. If you have security policies about fetching remote resources or executing arbitrary plugins, inspect or sandbox that behavior.

If you want this skill but prefer a lower-risk setup: disable the AI-illustration option, use only local images you control, and configure a private/enterprise LLM (if available) rather than a public hosted model.
If you need absolute assurance, ask the author for an explicit list of required env vars and a clear explanation of what is sent to external services.

Review Dimensions

Purpose & Capability
ok: Name, description, templates, and the html-to-pptx conversion code align with generating PPTX from manuscripts and style examples. The included CSS/HTML templates and the Node conversion script are coherent with the stated goal.
Instruction Scope
concern: SKILL.md instructs the agent to: (1) call sessions_spawn on a user-configured, image-capable LLM to perform style analysis (this will transmit user-provided screenshots to that model), and (2) optionally run an external script for AI image generation via a nanobanana-skill Python script (the example uses a ${CLAUDE_PLUGIN_ROOT} path). Those calls will send user content (images and prompts) to remote models/APIs. The documentation also shows downloading network images and reading local image paths; while expected for a PPT tool, it means arbitrary user-provided local paths or URLs may be read, and network images will be fetched. SKILL.md references environment/config variables and other skills not declared in requires.env (see environment_proportionality).
Install Mechanism
ok: No install spec; this is instruction + shipped code (html template + Node script). No network download/install behavior in the skill package itself. package.json points to a GitHub repo and lists a dependency on another skill (nanobanana). This is a low-risk install footprint. There are no obscure download URLs or extracted archives.
Credentials
concern: The skill declares no required env vars, but the instructions reference and depend on several external configs: CLAUDE_PLUGIN_ROOT (used in the example to invoke the nanobanana script), GEMINI_API_KEY (for Gemini image generation via nanobanana), and a 'user-configured default model' for sessions_spawn. Those credentials/configs are not declared in the metadata. Requesting or using third-party API keys is explainable for the optional AI-illustration feature, but the absence of declared env requirements is an inconsistency that reduces transparency.
Persistence & Privilege
ok: 'always' is false and the skill does not request persistent or system-wide privileges. It writes output to a local directory (defaults to ~/clawd/output/) and reads assets from its own directory. It does not modify other skills' configs. The one privilege to note is that it may execute an external Python script from another skill if the user enables the optional AI-illustration flow.