ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PopAI Powerpoint Slides

v1.0.1

Create presentations (PPT) using PopAI API. Use when asked to create slides, presentations, decks, or PPT content via PopAI. Supports uploading reference fil...

0· 238·0 current·0 all-time
by@zdawang000
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, required env (POPAI_API_KEY), and network targets (api.popai.pro, popai-file S3) align with a PopAI PPT generator. However there are minor inconsistencies: SKILL.md final-result examples reference popai-file-boe.s3-accelerate.amazonaws.com while the script uploads to popai-file.s3-accelerate.amazonaws.com, and SKILL.md includes a hard-coded developer path (/Users/Gunnar/...) used in the example run command which is unrelated to the skill's declared scope.
!
Instruction Scope
Instructions ask the agent to run the included Python script in background and to poll a temp output file — behavior consistent with streaming generation. But the run example uses an absolute, developer-specific cwd (/Users/Gunnar/...), which is inappropriate and may cause failures or accidental path disclosure if copied literally. The instructions also tell the agent to read the output file via cat/Read (expected) but give the agent discretion to poll every ~30s; this is broad but understandable for streaming. Overall the scope is mostly appropriate, with an avoidable hard-coded path and somewhat permissive polling instructions.
Install Mechanism
No install spec (instruction-only) — low-risk from installation perspective. The included script imports the 'requests' package but the skill does not declare this dependency; that may cause runtime failures if not present. Nothing in the manifest downloads arbitrary external code.
Credentials
Only POPAI_API_KEY is required and is the primary credential — this is proportionate for a service that calls the PopAI API and uploads files to PopAI-managed S3. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill is user-invocable (normal). The skill does not request elevated or persistent platform privileges beyond autonomous invocation (the platform default).
What to consider before installing
This skill appears to do what it claims (generate PPTs via PopAI) but has a few red flags you should address before use: 1) The SKILL.md run example uses a hard-coded developer path (/Users/Gunnar/...) — do not copy that verbatim; run the script from the skill directory or update the path. 2) The Python script requires the 'requests' library but the skill doesn't declare it; ensure your environment has requests installed (pip install requests) or the script will fail. 3) Uploaded local files are sent to PopAI's presigned S3 endpoint — only upload files you consent to share with PopAI. 4) Verify the POPAI_API_KEY you provide is scoped appropriately and not reused across unrelated services. 5) The slight S3 domain mismatch in documentation vs code (popai-file vs popai-file-boe) could be a harmless doc drift but verify returned download URLs point to PopAI's domains before trusting them. If you are not comfortable, run this in an isolated environment and inspect/run the included generate_ppt.py locally to confirm behavior. If anything looks unexpected, do not provide sensitive files or credentials.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📊 Clawdis
Binspython3
EnvPOPAI_API_KEY
Primary envPOPAI_API_KEY
latestvk976dz577q0v7rgwjm88e9gsy982tyqn
238downloads
0stars
2versions
Updated 23h ago
v1.0.1
MIT-0
@zdawang000
latest
Download

PopAI PPT Skill

Create presentations programmatically via PopAI's API. Supports optional file uploads as reference material or templates.

Setup

  1. Get API key from https://www.popai.pro
  2. Store in environment: export POPAI_API_KEY=...

Scripts

  • scripts/generate_ppt.py - Generate PPT via PopAI API (upload files → create channel → SSE stream → get pptx)

Usage Examples

# Generate PPT from topic only
python3 generate_ppt.py --query "人工智能发展趋势报告"

# With a template pptx file
python3 generate_ppt.py --query "特斯拉财报ppt" --file template.pptx

# With multiple reference files (max 5)
python3 generate_ppt.py --query "年度报告" --file template.pptx data.pdf chart.png

Agent Steps

  1. Get PPT topic from user

  2. If user provides local files, pass them via --file (max 5, supports pptx/pdf/docx/images etc.)

  3. Create a temp output file, then run script in background with --output:

    # Step 3a: Create temp file and launch in background
OUTFILE="/tmp/popai_ppt_$(date +%s).jsonl"
touch "$OUTFILE"

    # Step 3b: Run in background (run_in_background: true, timeout: 600000)
cd /Users/Gunnar/popai-python/.claude/skills/popai-presentations && POPAI_API_KEY="$POPAI_API_KEY" python3 scripts/generate_ppt.py --query "TOPIC" [--file FILE1 FILE2 ...] --output "$OUTFILE"

    Tell user: "PPT正在生成中,预计3-5分钟..."

  4. Poll for progress — periodically read new lines from the output file using Read tool or cat "$OUTFILE", and show progress to user:

    • task events → show task status updates
    • search events → show "正在搜索..."
    • summary event → show generation summary
    • pptx_ready event → final result (stop polling)
    • stream_end → generation complete (stop polling) Poll every ~30 seconds until pptx_ready or stream_end appears.

  5. Present final results to user:

    • Show summary text (from NODE_END event) as the generation summary
    • Show pptx_url as the download link: "下载PPT: <pptx_url>"
    • Show web_url as the site link: "在线查看/编辑: <web_url>"

Output

Event types (stdout, one JSON per line):

{"type": "task", "id": "1", "content": "搜索特斯拉最新财报数据", "status": "progressing"}
{"type": "search", "action": "Web Searching", "results": [{"title": "...", "url": "...", "snippet": "...", "date": "..."}]}
{"type": "tool_result", "event": "TOOL_CALLS-xxx", "action": "...", "result": "..."}
{"type": "summary", "text": "已完成特斯拉财报PPT的创建..."}
{"type": "stream_end"}

Final result (is_end: true):

{
  "type": "pptx_ready",
  "is_end": true,
  "pptx_url": "https://popai-file-boe.s3-accelerate.amazonaws.com/.../xxx.pptx",
  "file_name": "xxx.pptx",
  "preview_images": ["https://...0.jpeg"],
  "preview_count": 10,
  "web_url": "https://www.popai.pro/agentic-pptx/<channelId>"
}
  • pptx_url: .pptx文件下载链接
  • web_url: PopAI源站链接,可在线查看和编辑
  • summary: NODE_END事件的最终总结文本,展示给用户作为生成摘要

Technical Notes

  • Streaming: SSE stream; TOOL_CALLS-pptx event contains final .pptx download URL; last:true marks stream end
  • File Upload: Presigned POST to S3 via getPresignedPost, supports any file type
  • Timeout: Generation takes 3-5 minutes

Comments

Loading comments...