Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
mm-output
v1.0.1
Parse PDF/Markdown files into structured HTML posters with multi-modal output (PDF, PNG, DOCX, PPTX), or generate poster/slides images via Gemini image gener...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code, README, and SKILL.md all describe LLM-driven rendering and Gemini image generation which legitimately requires API keys and network access. However, the registry metadata claims no required environment variables or credentials while the project clearly expects OPENAI_API_KEY / RUNWAY_API_KEY / IMAGE_GEN_API_KEY / TEXT_MODEL, etc. That mismatch (declared none vs. actual required) is an incoherence that should be resolved before trusting the skill.
Instruction Scope
SKILL.md and run.py instruct the agent to install system packages, create a local .env file, and call LLM/image generation backends. The included .env.txt points at non-standard endpoints (e.g., runway.devops.rednote.life and runway.devops.xiaohongshu.com). The instructions do not try to read unrelated host credentials, but they do direct potentially sensitive content (parsed document text and images) to external LLM/image endpoints — expected for this tool but worth verifying which endpoints and with what keys.
Install Mechanism
There is no platform 'install' metadata, but the bundle includes install.sh that: runs apt-get to install system libraries (requires root), downloads the UV installer via curl, installs Python 3.12 with UV, and installs Playwright browsers. Those are standard but invasive operations (system package installs, network downloads). The curl installer is from astral.sh (UV project) which is a known source; pip/uv dependencies also include a GitHub package (git+https://github.com/Hadlay-Zhang/marker.git). No obviously obfuscated or random download URLs in the install script, but running install.sh will materially change the host system.
Credentials
The skill needs multiple API keys (OpenAI/Gemini/Qwen/RUNWAY/IMAGE_GEN) according to SKILL.md and .env.txt, but the registry did not declare them. The example .env includes IMAGE_GEN_ENDPOINT pointing to a non-public domain (runway.devops.rednote.life) and README references runway.devops.xiaohongshu.com — both look like internal/service endpoints rather than a public vendor endpoint. Requiring multiple secrets and an internal endpoint without declaring them or explaining trust boundaries is disproportionate and raises exfiltration/third-party trust concerns.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide privileges in metadata. It will create a virtualenv and a .env file inside the project directory (normal). The included install.sh does require root to apt-get packages — that is a user action and not an automatic privilege escalation by the skill itself.
What to consider before installing
This package looks functionally consistent with a poster/slide generator that uses LLMs and Gemini-style image APIs, but there are several red flags you should check before installing or running:
1) The registry lists no required environment variables, yet the code and SKILL.md expect API keys (OpenAI / RUNWAY / IMAGE_GEN / TEXT_MODEL). Do not supply keys until you confirm which are actually required.
2) Inspect files that call external services (paper2slides/image_generator.py, mm_output/integrate.py, renderer_unit.py) to see exact HTTP endpoints and what data is sent. The example .env contains non-public domains (runway.devops.rednote.life, runway.devops.xiaohongshu.com) — confirm those endpoints are trusted.
3) install.sh will run apt-get and download/install tools (UV, Python 3.12, Playwright). Run it only in an isolated environment (container or VM) and review the script first.
4) The repo contains hard-coded example test paths referencing internal network mounts — ignore or update those before running tests.
5) If you must try it, run in a disposable container, do not expose real API keys (use limited-scope/test keys), and review the network calls (e.g., with a proxy) to ensure no unexpected exfiltration.
If you want, provide the contents of paper2slides/image_generator.py and mm_output/integrate.py and I can check exactly which endpoints and parameters the code posts so you can judge trustworthiness.
Like a lobster shell, security has layers — review code before you run it.
latest vk979nrbgdjfks9kdbp6367hs8183jte7
