Is prezentit safe?

https://clawhub.ai/VeGoVeVO/prezentit

82
SAFE

Prezentit is a straightforward API wrapper skill for a presentation generation SaaS service. It contains no executable code, no hidden instructions, no file system access, and no signs of malicious intent. The primary considerations are that user-generated content (presentation topics and outlines) is sent to a third-party API, and the skill includes AI-targeted response fields that guide agent behavior. The filesystem monitoring shows sensitive file reads during installation, but these are attributable to the OpenClaw runtime rather than the skill itself.

Category Scores

Prompt Injection 78/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (7)

LOW Directive agent behavior guidance -7

The skill uses strong directive language like 'CRITICAL FOR AI AGENTS', 'ALWAYS use stream: false', and 'FOLLOW THIS ORDER' to control agent behavior. While this is standard API integration guidance rather than malicious prompt injection, it does shape agent behavior in specific ways (e.g., forcing non-streaming mode, dictating workflow order).

LOW AI-targeted response fields guide agent decisions -15

API responses include '_ai' fields (canGenerate, maxSlidesAffordable, nextSteps, options) specifically designed to steer agent decision-making. This is an increasingly common API design pattern but means the remote server can influence agent behavior through response content.

LOW User content sent to third-party API -15

Presentation topics, outlines, detailed talking points, and custom design prompts are all sent to prezentit.net. This is inherent to the skill's purpose but means potentially sensitive business content (pitch decks, internal reports, strategy presentations) leaves the user's environment.

INFO API key transmitted to external service -5

The PREZENTIT_API_KEY is sent as a Bearer token to prezentit.net on every API call. This is standard and declared in permissions, but the key could theoretically be logged or misused by the remote service.

INFO Runtime reads of sensitive system files during install -15

Filesystem monitoring captured reads of /home/oc-exec/.env and /home/oc-exec/.aws/credentials during the installation phase. Analysis indicates these are from the OpenClaw agent runtime initialization (loading config, auth profiles) rather than skill-initiated activity, as they occur alongside other runtime config reads (.openclaw/openclaw.json, .profile, .bashrc).

LOW Agent directed to purchase URLs -15

The skill instructs the agent to direct users to https://prezentit.net/buy-credits when credits are insufficient. While legitimate for the service, this means the agent becomes a sales channel for the third-party service.

INFO Details parameter could leak sensitive context -15

The optional 'details' parameter accepts 'additional context about the presentation content' which could cause users to inadvertently share sensitive business information with the third-party API.