Codex PPT

Advisory

Audited by Static analysis on May 11, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If fallback mode is used, the skill can make API calls using the configured key, which may incur costs or access the configured provider account.

Why it was flagged

The skill can store and use an API key for image generation. This is disclosed and purpose-aligned, but it is still sensitive account access.

Skill content

`OPENAI_API_KEY` is required for real API/CLI fallback calls... The config is written to: `~/.codex-ppt-skill/.env`... The file is created with mode `0600`.

Recommendation

Use a dedicated API key if possible, verify the configured base URL, and remove or rotate the key if you no longer use the skill.

What this means

Deck source material or slide prompts may be processed by an external image provider when API/CLI fallback is used.

Why it was flagged

Fallback image generation can send prompts/content to OpenAI or a user-configured third-party compatible endpoint.

Skill content

`OPENAI_BASE_URL` is optional. When it is unset, the CLI uses the official OpenAI API. When it is set, the CLI treats the request as a third-party OpenAI-compatible proxy request.

Recommendation

Avoid sending highly confidential material to untrusted providers, and only configure a third-party proxy you trust.

What this means

Installing dependencies may fetch newer package versions than the author tested.

Why it was flagged

The documented bootstrap flow relies on Python packages with lower-bound version ranges rather than pinned exact versions.

Skill content

python-pptx>=1.0.2
Pillow>=10.0.0
openai>=2.0.0

Recommendation

Run the skill in an isolated environment and consider pinning or reviewing dependency versions in stricter environments.