paper-2-web
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

This SKILL.md specification appears coherent and consistent: the declared capabilities (Paper2Web, Paper2Video, Paper2Poster) align with the inputs, required APIs, and system dependencies described. There is no direct evidence of malicious code or deceptive data flows within this specification. The primary security concern is data exposure: the pipeline will send paper content and metadata to external services (OpenAI and optionally Google Search) which may be inappropriate for unpublished or sensitive research unless the user understands the privacy implications. Additional caution is warranted around third-party dependencies (requirements.txt) and optional binaries (Hallo2) which are outside this document. Overall the skill is benign in intent but carries moderate confidentiality risk if used with sensitive documents.

LLM verification: The Paper2All skill's documentation indicates expected network interactions with OpenAI and optionally Google that are necessary for its LLM-driven features. The primary risks are non-malicious but significant: (1) confidentiality exposure of unpublished or sensitive papers to third-party APIs, (2) supply-chain risk from unpinned dependency installation and external package fetching, and (3) unclear provenance and potential external downloads for the talking-head/video components. I found no exp