Skill v1.0.1
ClawScan security
Felo Slides · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 19, 2026, 10:20 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's behavior (posting prompts and polling results at openapi.felo.ai using a bundled Node script) matches its stated purpose, but the package metadata/manifest omits required environment variables and runtime requirements (FELO_API_KEY and Node), which is an incoherence you should resolve before trusting it.
- Guidance: This skill appears to do what it says (create and poll Felo PPT tasks), but the package metadata fails to declare two important things: (1) it requires you to set FELO_API_KEY (and optionally FELO_API_BASE), and (2) it requires a Node runtime to execute the bundled script. Before installing or using it, confirm you trust felo.ai (prompts and slide content are sent to their API), verify the origin of this package (the manifest points to a GitHub repo but Source/Homepage were shown as unknown/none), and ask the skill author to update the manifest to declare FELO_API_KEY as a required credential and to note the Node requirement. If you proceed, ensure the API key you provide is scoped appropriately and avoid sending sensitive or private data in prompts.
Review Dimensions
- Purpose & Capability (note): The skill's code and instructions perform exactly the advertised task (create PPT tasks via openapi.felo.ai and poll for results). However the registry metadata claims no required env vars or binaries, while the SKILL.md and script require FELO_API_KEY (and optionally FELO_API_BASE) and a Node runtime. The missing declarations are a mismatch.
- Instruction Scope (concern): SKILL.md directs the agent to check FELO_API_KEY and run a bundled Node script that POSTs to /v2/ppts and polls /v2/tasks/... — all consistent with slide generation. But it also instructs use of Bash/node commands while the manifest lists no required binary. The instructions do not attempt to read unrelated files or exfiltrate other credentials, but they do send user-provided prompt content to an external service (felo.ai).
- Install Mechanism (ok): No external downloads or installers are used; the skill is instruction-only plus a bundled script. Nothing in the install path writes or fetches remote code at install time.
- Credentials (concern): The script legitimately needs FELO_API_KEY (and optionally FELO_API_BASE) but the skill manifest does not declare any required environment variables or a primary credential. This omission is disproportionate and reduces transparency (users won't be warned that an API key is needed). The skill does not request unrelated credentials.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request persistent system-wide privileges. It does not modify other skills or system settings.
