Skip to main content
Back to skill

Security audit results

PowerPoint Creator · clawdhub/pptx-creator

Version

1.0.0

Status: pending_audit
Created: 1/16/2026, 8:01:36 PM
Latest
aiWARN
Risk: mediumStarted: 1/16/2026, 8:02:34 PMCompleted: 1/16/2026, 8:02:43 PM
View report details
{
  "notes": "No dependencies reported; readme references external docs but no explicit runtime network usage declared.",
  "risks": [
    {
      "category": "network",
      "evidence": "sourceScan flagged scripts/create_pptx.py with excerpts: \"Fetch data from CRM.\" and warning about CRM not configured, suggesting optional network access not declared.",
      "severity": "medium",
      "recommendation": "Document any network endpoints used for CRM/data fetching or remove network calls if not required. Update manifest allowNetwork accordingly."
    },
    {
      "category": "filesystem",
      "evidence": "scripts/create_pptx.py uses subprocess.run (sourceScan exec flag), which may execute external commands.",
      "severity": "low",
      "recommendation": "Audit subprocess usage to ensure only intended local commands are executed and no untrusted input is passed."
    }
  ],
  "summary": "Potential undeclared network usage and subprocess execution detected in create_pptx.py; manual review recommended.",
  "verdict": "warn",
  "allowNetwork": [],
  "requireHumanReview": true
}
dependencyPASS
Risk: lowStarted: 1/16/2026, 8:02:34 PMCompleted: 1/16/2026, 8:02:34 PM
View report details
{
  "requires": {
    "env": [],
    "bins": [
      "uv"
    ],
    "config": [],
    "anyBins": []
  },
  "installers": [],
  "references": {
    "tools": [],
    "connectors": []
  },
  "dependencies": []
}
licensePASS
Risk: lowStarted: n/aCompleted: n/a
View report details
{
  "license": "MIT",
  "allowlisted": true
}
metadataPASS
Risk: lowStarted: n/aCompleted: n/a
View report details
{
  "name": "PowerPoint Creator",
  "type": "tool",
  "license": "MIT",
  "version": "1.0.0",
  "homepage": "https://python-pptx.readthedocs.io",
  "security": {
    "openSource": true,
    "safeListed": false,
    "auditRequired": true,
    "requireSource": false,
    "requiresAudit": true,
    "repositoryHost": null,
    "declaredOpenSource": true,
    "declaredAuditRequired": null,
    "repositoryHostAllowed": null
  },
  "repository": null,
  "description": "Create professional PowerPoint presentations from outlines, data sources, or AI-generated content. Supports custom templates, style presets, charts/tables from data, and AI-generated images. Use when asked to create slides, pitch decks, reports, or presentations.",
  "sourceBytes": 16514,
  "capabilities": [
    "document-create",
    "presentation-create",
    "data-visualization",
    "template-management"
  ],
  "sourceCommit": null,
  "sourceSha256": "82f68c175adc3205b428da1ea1f8e1c6d7d85357b503814ae23d1887b9ab0cf6"
}
sandboxPASS
Risk: lowStarted: 1/16/2026, 8:02:34 PMCompleted: 1/16/2026, 8:02:34 PM
View report details
{
  "reason": "sandbox deferred in v1",
  "skipped": true
}
staticPASS
Risk: lowStarted: 1/16/2026, 8:02:34 PMCompleted: 1/16/2026, 8:02:34 PM
View report details
{
  "flags": [],
  "fileCount": 7,
  "sourceScan": {
    "totalFiles": 7,
    "scannedFiles": 7,
    "skippedBytes": 0,
    "skippedFiles": 0,
    "suspiciousFiles": [
      {
        "path": "SKILL.md",
        "reasons": [
          "network"
        ],
        "excerpts": [
          "homepage: https://python-pptx.readthedocs.io"
        ]
      },
      {
        "path": "scripts/create_pptx.py",
        "reasons": [
          "network",
          "exec"
        ],
        "excerpts": [
          "    \"\"\"Fetch data from CRM.\"\"\"",
          "        print(\"Warning: CRM not configured, skipping data fetch\", file=sys.stderr)",
          "        import subprocess",
          "        result = subprocess.run("
        ]
      }
    ]
  }
}