医学文献ppt生成skill

将指定医学研究论文自动生成 PPTX 汇报文件的技能。用于用户给出单篇文献标题、PMID、DOI、InfoX-Med 文献 id 或可唯一定位该论文的信息时：先用 InfoX-Med 相关检索技能精确定位目标论文，再读取全文与原文图表，最后按基础研究型汇报大纲选择性生成 PPTX。适用于"根据这篇论文生成汇报PP...

This skill appears to implement what it claims (search InfoX‑Med, fetch full text/figures, and render PPTX), but there are important red flags you should address before installing or running it: - Credentials & endpoint: The code expects INFOX_MED_TOKEN and uses an API base; metadata does not declare these. medical_search.py has a hard-coded API token and fetch_fullpaper.py defaults to an IP address (60.205.166.229:9306). Treat these as suspicious: verify the token and the endpoint with the skill author or your InfoX‑Med administrator before use. Do not assume the embedded token or IP are legitimate. - Data exfiltration risk: At runtime the scripts will send identifiers and perform network requests to external servers to retrieve full text and images. If you will process non-public or sensitive material, audit and control which network hosts are contacted and avoid sending sensitive content to untrusted endpoints. - Operational recommendations: - Ask the author to remove any hard-coded tokens and declare required env vars in the skill metadata (INFOX_MED_TOKEN, optional INFOX_MED_API_BASE). - If you proceed, supply your own token via environment variable and override API_BASE to the official InfoX‑Med domain if provided by your organization. - Run the skill in an isolated environment (restricted network) first and monitor outbound connections to verify the actual endpoints used. - Review and, if needed, replace the default API_BASE/IP and remove embedded credentials before trusting the skill in production. - Prefer obtaining this skill from a verified source or require the author to publish a homepage/release notes so you can validate provenance. Given these mismatches (undeclared env var, embedded token, IP default), treat the package as suspicious until the origin and the endpoint/credential issues are resolved.

Type: OpenClaw Skill Name: research-paper-to-ppt-v1 Version: 1.0.0 The skill bundle implements a legitimate and complex pipeline for converting medical research papers into PowerPoint presentations. It uses a series of Python scripts to search for literature via the InfoX-Med API, fetch full-text content, extract figures, and validate data, followed by a Node.js script (`render_pptx_from_slides.js`) to generate the final .pptx file. While the scripts utilize subprocesses to chain execution and handle API tokens from environment variables, these actions are well-documented in `integration-notes.md` and directly support the stated functionality. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.