create-ppt-with-nano-banana

[Skill Scanner] Installation of third-party script detected The skill's stated purpose (HTML->PPTX with optional AI images) is legitimate and capabilities mostly align. However, handling of payment credentials and routing image-generation requests via a proxy monetization endpoint is a significant risk: the skill requires access to a local JWT/token and will send payment signatures and image prompts to an externally hosted proxy. This pattern is plausible for billed AI images but is sensitive and could be abused for credential exfiltration or unauthorized charges if the proxy or wallet integration is malicious or misconfigured. Recommend treating this skill as suspicious until the FluxA wallet token usage is audited, the proxy endpoint operator is verified, and explicit runtime consent/limits are enforced. Minimize credential scope, require interactive user confirmation for payments, and document/verify all network endpoints. LLM verification: SUSPICIOUS / CAUTION ADVISED. The package’s core PPTX conversion functionality appears benign. The optional AI image generation feature requires payment and access to a local FluxA Wallet JWT and routes requests to a proxy domain (proxy-monetize.fluxapay.xyz). This combination creates a credible credential-exfiltration and privacy risk if the implementation transmits long-lived tokens or lacks user consent and ephemeral signatures. Recommended actions before use: (1) review actual implementation