scientific-slides

Fail

Audited by Socket on Feb 21, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected.

The package appears to perform its stated function (AI slide/image generation and PDF assembly) and contains no direct indicators of classical malware (reverse shells, data theft code, or obfuscated malicious logic). The dominant security concern is the intentional design encouraging frequent upload of local files and use of an external API key — this creates a moderate to high data-exfiltration risk for sensitive or unpublished research materials if used without strict operational controls. I rate the code as non-malicious but moderately risky: do not attach sensitive data, audit API key handling, and prefer private/on-premise alternatives or strict manual review of attachments before upload.

LLM verification: No direct evidence of malware or deliberate backdoor activity is present in the provided documentation. The primary security concern is privacy and potential data exfiltration: the skill explicitly instructs attaching local files and sending prompts to a third-party service authenticated by OPENROUTER_API_KEY. Without the actual script implementations, TLS and logging behavior cannot be verified. Recommendation: treat attachments and prompts as sensitive, avoid uploading proprietary or PII-conta

Confidence: 98%
Severity: 90%
Audit Metadata
Analyzed At: Feb 21, 2026, 04:24 AM
Package URL: pkg:socket/skills-sh/k-dense-ai%2Fclaude-scientific-writer%2Fscientific-slides%2F@71414dd3f7a5216850d649ad55db217399b1d9f1