ClawAudit verdict
ppt-generator
xfyun-ppt-gen
The skill generates professional PowerPoint presentations and does not contain any malicious or deceptive behavior.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (2)
Possible hardcoded credential
scripts/index.py ยท prose ยท downgraded ยท SECRET='your_api_secret
Python os.environ.get โ reads environment variable
scripts/index.py ยท prose ยท downgraded ยท os.environ.get(
Permissions & capabilities
Requires 2 environment variables. (1 sensitive: XF_PPT_API_SECRET). Requires 1 system binary.
Is this flag fair?
Thanks โ recorded.