Ai Ppt Generator 1

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a purpose-aligned Baidu AI PPT generator, but it uses your Baidu API key, sends PPT content to Baidu, and has a package identity mismatch worth verifying.

Install only if you intend to use Baidu Qianfan AI PPT with your own API key. Do not submit sensitive presentation content unless Baidu processing and storage are acceptable for your use case, and verify the package identity mismatch before trusting it with credentials.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use the configured Baidu API key to generate PPTs and may consume quota or incur provider-side usage.

Why it was flagged

The script reads the user's Baidu API key from the environment and uses it as a bearer token for Baidu's PPT API. This is expected for the stated integration, but it grants use of the user's Baidu account/API quota.

Skill content

api_key = os.getenv("BAIDU_API_KEY") ... "Authorization": "Bearer %s" % api_key

Recommendation

Use a scoped or revocable Baidu API key if available, monitor usage, and only run the skill for intended PPT generation tasks.

What this means

PPT topics, outlines, optional supplied content, and generated presentation output may be processed or stored by Baidu services.

Why it was flagged

The code sends the user's PPT query and optional web_content to Baidu's Qianfan AI PPT endpoints and requests saved output. This matches the skill purpose, but it is an external provider data flow.

Skill content

URL_PREFIX = "https://qianfan.baidubce.com/v2/tools/ai_ppt/" ... "query": query ... "web_content": web_content ... "enable_save_bos": True

Recommendation

Avoid submitting confidential or regulated content unless your use of Baidu's service is approved for that data.

What this means

The package may have been renamed, republished, or inconsistently packaged, making it harder to confirm provenance.

Why it was flagged

The bundled metadata differs from the registry metadata shown for this evaluation, which lists a different owner ID, slug, and version. This does not show malicious behavior, but it is a provenance/identity inconsistency.

Skill content

"ownerId": "kn7akgt520t01vgs2tzx7yk6m180kt26", "slug": "ai-ppt-generator", "version": "1.1.4"

Recommendation

Verify that the publisher and package identity are the ones you intended to install before providing an API key.