AI PPT Generator

Name: ai-ppt-generator
Author: ide-rea

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is vulnerable to remote code execution by directly passing unsanitized user input to local Python scripts.

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

AI PPT Generator: Generate PPT using Baidu AI with intelligent template selection.

Actually does

The skill executes Python scripts (`ppt_theme_list.py`, `random_ppt_theme.py`, `generate_ppt.py`) using `python3`. It leverages a `BAIDU_API_KEY` to interact with Baidu's AI API for generating PowerPoint presentations. The skill can list templates, intelligently select one based on the topic, or use a specified template, ultimately providing a URL to the generated PPT hosted on Baidu Cloud storage.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameide-rea/ai-ppt-generator

Registryclawhub

Version1.1.3

PURLpkg:clawhub/ide-rea/ai-ppt-generator@1.1.3

Stars53

Downloads25,031

Installs235

Source

Repository ↗

SHA-256c4cce7ee8d05...

SHA-15dcf93073ea8...

MD5efe6df7693d0...

TLSH67618224faa5...

Size3,303 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/ide-rea/ai-ppt-generator

25,031 downloads235 installs

ClawHubDocs

openclaw skills install ide-rea/ai-ppt-generator

Assessments (1)

AI Agent Traps ↗

Command Injection via User Input in Script Argumentscriticalcommand execution

The skill executes local Python scripts (`generate_ppt.py`, `random_ppt_theme.py`) using `python3` and passes user-provided input (e.g., 'TOPIC', 'CATEGORY') directly as command-line arguments (`--query`, `--category`). Without proper sanitization of these inputs, a malicious user could inject arbitrary shell commands, leading to remote code execution.

90% confidenceline 44

python3 scripts/random_ppt_theme.py --query "人工智能发展趋势报告"
Run `generate_ppt.py --query "TOPIC" --tpl_id ID`

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/ide-rea/ai-ppt-generator.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/ide-rea/ai-ppt-generator)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ide-rea/ai-ppt-generator"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ide-rea/ai-ppt-generator.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/ide-rea/ai-ppt-generator.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow