ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Felo Slides

v1.0.1

Generate PPT/slides with Felo PPT Task API in Claude Code. Use when users ask to create/make/generate/export presentations or slide decks, or when explicit c...

0· 1.1k·6 current·7 all-time
bywangzhiming@wangzhiming1999
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's code and instructions perform exactly the advertised task (create PPT tasks via openapi.felo.ai and poll for results). However the registry metadata claims no required env vars or binaries, while the SKILL.md and script require FELO_API_KEY (and optionally FELO_API_BASE) and a Node runtime. The missing declarations are a mismatch.
!
Instruction Scope
SKILL.md directs the agent to check FELO_API_KEY and run a bundled Node script that POSTs to /v2/ppts and polls /v2/tasks/... — all consistent with slide generation. But it also instructs use of Bash/node commands while the manifest lists no required binary. The instructions do not attempt to read unrelated files or exfiltrate other credentials, but they do send user-provided prompt content to an external service (felo.ai).
Install Mechanism
No external downloads or installers are used; the skill is instruction-only plus a bundled script. Nothing in the install path writes or fetches remote code at install time.
!
Credentials
The script legitimately needs FELO_API_KEY (and optionally FELO_API_BASE) but the skill manifest does not declare any required environment variables or a primary credential. This omission is disproportionate and reduces transparency (users won't be warned that an API key is needed). The skill does not request unrelated credentials.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges. It does not modify other skills or system settings.
What to consider before installing
This skill appears to do what it says (create and poll Felo PPT tasks), but the package metadata fails to declare two important things: (1) it requires you to set FELO_API_KEY (and optionally FELO_API_BASE), and (2) it requires a Node runtime to execute the bundled script. Before installing or using it, confirm you trust felo.ai (prompts and slide content are sent to their API), verify the origin of this package (the manifest points to a GitHub repo but Source/Homepage were shown as unknown/none), and ask the skill author to update the manifest to declare FELO_API_KEY as a required credential and to note the Node requirement. If you proceed, ensure the API key you provide is scoped appropriately and avoid sending sensitive or private data in prompts.
scripts/run_ppt_task.mjs:192
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e16w8r3c5xafd72y372xfxh836hw0
1.1kdownloads
0stars
2versions
Updated 21h ago
v1.0.1
MIT-0
wangzhiming@wangzhiming1999
latest
Download

Felo Slides Skill

When to Use

Trigger this skill for requests about creating presentation files:

  • Create/generate slides from a topic or outline
  • Turn notes into a PPT deck
  • Build a presentation with a page count requirement
  • Export presentation content into a shareable slide link

Trigger keywords:

  • Chinese prompts about making slides or presentations
  • English: slides, PPT, presentation deck, generate presentation
  • Explicit commands: /felo-slides, "use felo slides"

Do NOT use this skill for:

  • Real-time information lookup (use felo-search)
  • Questions about local codebase files
  • Pure text tasks that do not require slide generation

Setup

1. Get API key

  1. Visit felo.ai
  2. Open Settings -> API Keys
  3. Create and copy your API key

2. Configure environment variable

Linux/macOS:

export FELO_API_KEY="your-api-key-here"

Windows PowerShell:

$env:FELO_API_KEY="your-api-key-here"

How to Execute

Use Bash tool commands and follow this workflow exactly.

Step 1: Precheck API key

if [ -z "$FELO_API_KEY" ]; then
  echo "ERROR: FELO_API_KEY not set"
  exit 1
fi

If key is missing, stop and return setup instructions.

Step 2: Run Node Script (create + poll)

Use the bundled script (no jq dependency):

node felo-slides/scripts/run_ppt_task.mjs \
  --query "USER_PROMPT_HERE" \
  --interval 10 \
  --max-wait 1800 \
  --timeout 60

To apply a specific theme, first list available themes with felo ppt-themes, then pass the theme ID:

node felo-slides/scripts/run_ppt_task.mjs \
  --query "USER_PROMPT_HERE" \
  --theme "THEME_ID_HERE" \
  --interval 10 \
  --max-wait 1800 \
  --timeout 60

Script behavior:

  • Creates task via POST https://openapi.felo.ai/v2/ppts
  • Supports optional --theme <id> to apply a PPT theme (sends ppt_config.ai_theme_id)
  • Supports optional --task-id <id> to resume polling an existing task (skips creation)
  • Polls via GET https://openapi.felo.ai/v2/tasks/{task_id}/historical
  • Treats COMPLETED/SUCCESS as success terminal (case-insensitive)
  • Treats FAILED/ERROR as failure terminal
  • Stops polling immediately on terminal status
  • Prints ppt_url on success (fallback: live_doc_url)

Optional debug output:

node felo-slides/scripts/run_ppt_task.mjs \
  --query "USER_PROMPT_HERE" \
  --interval 10 \
  --max-wait 1800 \
  --json \
  --verbose

This outputs structured JSON including:

  • task_id
  • task_status
  • ppt_url
  • live_doc_url
  • livedoc_short_id
  • ppt_business_id
  • error_message

Step 4: Return structured result

On success, return:

  • ppt_url immediately (script default output, fallback live_doc_url)
  • if --json is used, also include task_id, terminal status, and optional metadata

Output Format

Use this response structure:

## PPT Generation Result

- Task ID: <task_id>
- Status: <status>
- PPT URL: <ppt_url>
- Live Doc URL: <live_doc_url or N/A>

## Notes

- livedoc_short_id: <value or N/A>
- ppt_business_id: <value or N/A>

Error format:

## PPT Generation Failed

- Error Type: <error code or category>
- Message: <readable message>
- Suggested Action: <next step>

Error Handling

Known API error codes:

  • INVALID_API_KEY (401): key invalid or revoked
  • PPT_TASK_CREATE_FAILED (502): create task downstream failed
  • PPT_TASK_QUERY_FAILED (502): query task downstream failed

Timeout handling:

  • If timeout reached, return last known status and instruct user to retry later
  • Include task_id so user can query again
  • IMPORTANT: To resume a timed-out task, use --task-id instead of --query to avoid creating a duplicate PPT:
node felo-slides/scripts/run_ppt_task.mjs \
  --task-id "TASK_ID_HERE" \
  --interval 10 \
  --max-wait 1800

Important Notes

  • Always execute this skill when user intent is slide generation.
  • Always return task_id so follow-up queries can continue from the same task.
  • Do not claim completion without a terminal status.
  • Keep API calls minimal: create once, then poll.

References

Comments

Loading comments...