Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Slide Outline Generator
v1.0.0Generate PowerPoint presentations and academic posters from paper abstracts or full paper content, with automatic layout optimization and citation formatting.
⭐ 0· 31·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and README claim end-to-end generation from abstracts or PDFs into .pptx files with layout optimization and citation formatting. The provided script, however, only: (a) parses a plain-text abstract with a trivial parse_abstract stub, (b) prints textual outlines, and (c) optionally writes a separate python script that would use python-pptx. There is no PDF parsing or citation formatting implementation despite the documentation promising PDF validation and specific error messages. This is a capability mismatch — the requested capabilities (PDF parsing, citation formatting, automated .pptx creation) are not present in the code.
Instruction Scope
SKILL.md instructs a workflow that includes PDF validation, explicit error messages for encrypted/image-only PDFs, and generating .pptx output. The runtime instructions to run py_compile and --help are harmless. However, the SKILL.md's promised PDF validation and error-handling are not actually implemented in scripts/main.py (the script accepts --paper but does not parse PDFs). The instructions are therefore aspirational and grant the agent rights to request/validate PDFs that the code cannot handle, which could cause confusion or extra data collection attempts.
Install Mechanism
No install spec is provided (instruction-only with a small Python script). Nothing is downloaded or installed automatically by the skill itself, which minimizes install-time risk.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code does not read environment variables or access external services. Credential or secret access is not requested, which is proportional to the (limited) functionality.
Persistence & Privilege
The skill is not marked always:true and doesn't request persistent presence or system-wide configuration changes. It does not write to system configs; it only writes an optional generator file into the current working directory when --generate-code is used.
What to consider before installing
This skill's documentation promises full PDF parsing, validation, and automated .pptx generation, but the included code only produces textual outlines and can write a separate python script that would require you to install python-pptx and run it manually. Before installing or using it:
- Do not assume it will parse PDFs: the --paper option is accepted but not implemented. If you plan to feed PDFs, verify locally whether PDF parsing is actually performed.
- If you need real .pptx output, be prepared to install python-pptx (pip install python-pptx) and inspect/execute the generated generator script safely.
- Expect the skill to be incomplete; ask the publisher for an updated version that includes PDF parsing, citation handling, and explicit dependency declarations (or include a requirements.txt).
- Because the mismatch appears like incomplete/unfinished implementation rather than malicious behavior, it's reasonably safe to test on non-sensitive sample documents, but avoid uploading confidential PDFs until you confirm the tool's actual behavior.
What would change this assessment: discovering that a later/alternate version includes robust PDF parsing code (with clear dependency declarations), explicit citation-formatting implementation, and no hidden network calls would make the skill coherent and could raise the verdict to benign.Like a lobster shell, security has layers — review code before you run it.
latestvk97bj8s24jpgxp5xhvby0n6qg9841q0h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.