NanoBanana PPT Skills

基于 AI 自动分析文档内容，智能规划并生成多风格高清 PPT 图片，支持可选转场视频和交互式播放体验。

Summary of what to check before installing/using: - Do not paste API keys into chat prompts. The README contains example prompts that include 'MY API KEYS' — sending actual keys into conversation will leak them to the agent/skill. - Verify the repository/source before cloning. The skill references a GitHub repo; confirm the URL and owner are legitimate and review the repo on GitHub rather than relying solely on the SKILL.md. - Inspect install scripts (install_as_skill.sh, run.sh) and any scripts that modify ~/.zshrc or write .env files before executing them. Ensure they do not add unexpected remote endpoints, telemetry, or write secrets to shared locations. - Prefer manual installation: create a virtualenv, run pip installs yourself, and populate a local .env that you control. Avoid letting an agent perform the git clone + install steps with secrets provided in prompts. - Limit where API keys are stored: prefer a skill-specific .env in the skill directory or system environment variables with limited scope. Be cautious because the code's described search-upward behavior for .env could pick up keys from unrelated projects. - If you need only image generation, skip providing KLING keys (video service) unless you plan to use video features. - If you decide to proceed, run the scripts in a sandboxed environment first (or examine them line-by-line). If anything in the scripts looks like it exfiltrates data to unknown endpoints, stop and revoke any keys that were used. Overall: functionality looks coherent with the stated feature set, but several instruction-level practices (encouraging keys in prompts, modifying shell startup files, searching multiple .env locations) are risky — treat this skill as suspicious until you manually review the code and scripts.

Type: OpenClaw Skill Name: nanobanana-ppt-skills Version: 0.1.0 The skill bundle exhibits several risky capabilities without clear evidence of intentional malicious behavior, leading to a 'suspicious' classification. Key indicators include the ability to read arbitrary local files (e.g., user documents) as input, as explicitly stated in `SKILL.md` ('使用 Read 工具读取文件内容'). This broad file access, combined with the skill's functionality to send user-provided content and images (base64 encoded) to multiple external AI services (Google Gemini, Kling AI, Claude AI via `kling_api.py` and `transition_prompt_generator.py`), presents a potential data exfiltration risk if the AI agent itself were compromised by a prompt injection. Furthermore, the `transition_prompt_generator.py` directly embeds a `content_context` (which could originate from user input processed by the agent) into the prompt sent to Claude, creating a potential prompt injection vector against the downstream AI. While `ffmpeg` is used for legitimate video processing in `video_composer.py`, its execution via `subprocess.run` adds to the overall risk profile due to its powerful system access.