Back to skill
Skillv1.0.0
VirusTotal security
pptgenerator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 27, 2026, 8:52 AM
- Hash
- 8ae8054519eff83916e7c68ca2b9090958d5c305b95857e589b55ce0ed58d5a5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pptgenerator Version: 1.0.0 The pptgenerator skill bundle provides a toolset for generating and editing PPTs via the ultrappt.com API. The script scripts/generate_ppt.py contains a risky capability in the _load_current_ppt_input function, which allows for reading arbitrary files from the local filesystem based on the --current-ppt argument and transmitting their contents to an external API endpoint (https://www.ultrappt.com/api/v1/agent/skill/chat). While this behavior is plausibly needed for the stated purpose of editing existing PPT files, the lack of path restriction or sanitization on the file input presents a potential vector for data exfiltration if the agent is misdirected. The script also manages API keys and generation history in local hidden files (.config.json and .history.json).
- External report
- View on VirusTotal