mck-ppt-design

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The example scripts (examples/minimal_example.py, scripts/minimal_example.py) contain a deliver_to_channel function that uses subprocess.run to invoke the openclaw CLI tool. This is a documented feature used to send generated presentations to messaging platforms. The command is executed using an argument list rather than a shell string, preventing shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill depends on standard, well-known Python packages (python-pptx, lxml, Pillow, numpy, rembg, tencentcloud-sdk-python) for document creation, image processing, and API interaction. It also communicates with the Tencent Hunyuan API (tencentcloudapi.com) for its optional cover image generation feature, which is an established cloud service.
  • [CREDENTIALS_UNSAFE]: The skill uses environment variables (TENCENT_SECRET_ID, TENCENT_SECRET_KEY) to manage API credentials for image generation. This is a recommended secure practice for handling sensitive configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 02:48 AM