ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PPT Translator

v1.0.0

Translate PowerPoint files to any language while preserving layout. Uses a render-and-verify agent loop (LibreOffice + Vision) to guarantee no text overflow....

0· 1k·13 current·13 all-time
byJiaqi@nimo1987
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (translate PPTX while preserving layout) match the included script and SKILL.md. The script extracts text, rewrites slides with scaled fonts, and can invoke LibreOffice to render PNGs — all coherent with the stated purpose. Required binaries listed in _meta.json (libreoffice, python-pptx) are appropriate.
Instruction Scope
SKILL.md instructs an agent loop that uses an LLM for translation and a Vision model for overflow detection. The shipped script only performs extraction, rewriting, and local LibreOffice rendering; it does not itself call external APIs. However, the agent-level instructions implicitly require sending slide content to an LLM and to a Vision model for verification — this is expected for the feature but is a privacy/data-flow consideration because endpoints/credentials are not specified.
Install Mechanism
No install spec is provided (instruction-only with a small helper script). That is low-risk: nothing is automatically downloaded or written to disk by an installer. Runtime requires system LibreOffice and Python dependency python-pptx, which is reasonable and declared.
Credentials
The skill declares no required environment variables or credentials (correct). However, SKILL.md assumes use of an LLM and a Vision model; depending on your agent configuration these calls may transmit slide content to external services and may require API keys not declared here. This is a privacy/operational consideration, not a hidden credential request by the skill itself.
Persistence & Privilege
Skill is not marked always:true and is user-invocable. It does not request persistent system-wide changes or other skills' configs. It will read and write files provided by the user (input/output paths) which is expected for its purpose.
Assessment
This skill appears to be what it claims: a local utility + agent loop that rewrites PPTX and uses LibreOffice to render for overflow checks. Before installing/use: (1) Ensure LibreOffice and python-pptx are available locally; the script calls the libreoffice binary (subprocess) and will write output files in the specified directory. (2) Provide an explicit --output path when invoking the script (args.output is optional in code but passing None may cause errors). (3) Understand privacy implications: SKILL.md expects an LLM to translate and a Vision model to check renders — if your agent forwards slide content to external model APIs, that will send potentially sensitive data off your system and may require API keys not included here. (4) The script itself does not contact network endpoints or require secrets, but the overall workflow depends on your agent's LLM/Vision configuration; only install/run if you trust how those components will be invoked and where data will go. (5) As always, review or run the script in a safe environment on non-sensitive files first.

Like a lobster shell, security has layers — review code before you run it.

latestvk973vd8hc9csrv83hp04s2100d81r8hf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments