pi-ppt
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill appears coherent for generating PowerPoint files through PI, but it requires PI credentials and can upload a user-selected document to the external PI service.
Before installing, verify that you trust this skill owner and the PI base URL, use limited PI credentials, and only upload documents you are comfortable sharing with PI. The provided artifacts do not show hidden persistence, destructive behavior, or unrelated data access.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less information for verifying who maintains the skill and whether it is the intended PI integration.
The artifacts do not provide an independently identifiable source or project homepage, which limits provenance context for a skill that uses an external API.
Source: unknown; Homepage: none
Install only if you trust the registry owner, and independently verify the PI base URL before providing credentials or documents.
Anyone with the app secret may be able to use the associated PI API access, and pasted secrets can end up in shell history or logs.
The skill requires PI app credentials and shows them being supplied to the runtime environment; this is expected for the PI API but is sensitive.
PIPPT_BASE_URL=xxx PIPPT_APP_ID=xxx PIPPT_APP_SECRET=xxx python3 scripts/generate_pi_ppt.py
Use a scoped PI credential, set secrets through a secure environment or secret manager, and avoid pasting real secrets into shared chats, logs, or command history.
A selected local document may leave the machine and be processed by the external PI service.
When a file path is provided, the script opens the local document and uploads it to the configured PI service endpoint.
UPLOAD_FILE_URL = f"{PI_PPT_BASE_URL}/api/v1/integration/file/upload"; requests.post(UPLOAD_FILE_URL, data=data, files=files, timeout=30)Only pass `--file` for documents the user explicitly intends to upload, avoid confidential files unless PI is approved for them, and use a trusted HTTPS PI base URL.