v1.0.0

Ai Ppt Generator 1.1.4

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 8:11 AM.

Analysis

The skill does what it claims—generates PowerPoint files through Baidu AI—but users should notice that it uses a Baidu API key, sends presentation content to Baidu, and saves the generated PPT to a Baidu-hosted URL.

Guidance: This skill appears purpose-aligned. Before installing, make sure you are comfortable sending PPT topics and any provided content to Baidu AI, and use a dedicated Baidu API key if possible. Avoid generating decks from sensitive or confidential material unless Baidu processing and hosted PPT links are acceptable for your use case.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Info; Confidence: High; Status: Note
SKILL.md
Run `random_ppt_theme.py --query "TOPIC"` ... Monitor output, wait for `is_end: true` to get final PPT URL

The skill instructs the agent to run included Python scripts and wait for a long-running external API operation. This is central to the stated PPT-generation purpose and is not hidden.

User impact: The agent may run local Python scripts for several minutes while waiting for Baidu to generate the PPT.
Recommendation: Only invoke the skill when you intend to create a PPT, and review the topic/content before allowing it to be sent to the service.

Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: Medium; Status: Note
metadata
Source: unknown
Homepage: none

The registry does not provide a source repository or homepage. This is a provenance gap users may want to consider, especially because the skill uses an API credential, but the provided code is coherent with the declared purpose.

User impact: Users have less external provenance information to verify the publisher or review the project outside the registry artifact.
Recommendation: Review the included scripts before installation and prefer a dedicated Baidu API key rather than a broadly privileged or shared key.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
scripts/generate_ppt.py
api_key = os.getenv("BAIDU_API_KEY") ... "Authorization": "Bearer %s" % api_key

The script reads a Baidu API key from the environment and uses it as a bearer token for Baidu API calls. This is expected for a Baidu PPT generation integration, but it gives the script authority to act through the user's Baidu API account.

User impact: Using the skill may consume Baidu API quota or associate generated content with the user's Baidu account.
Recommendation: Use a dedicated, least-privileged Baidu API key if available, keep it private, and avoid using the skill with content that should not be sent to Baidu.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
scripts/generate_ppt.py
"web_content": web_content,
        "enable_save_bos": True

The generated PPT request can include user-provided web content and asks Baidu to save the result to Baidu object storage. This matches the skill's output model but affects where generated content is stored.

User impact: Presentation topics, outlines, optional content, and generated PPT output may be processed and stored by Baidu, with a final downloadable URL returned.
Recommendation: Do not include secrets, private documents, or regulated data unless you are comfortable with Baidu processing and hosting the generated PPT.