md-ppt-generator
v1.0.0科技产品发布会创意总监。将结构化的 Markdown 转换为具有视觉冲击力的“大字报”风格 HTML 幻灯片。专注于电影感暗色渐变、莫兰迪色系文字、以及“呼吸感”动效,确保每页幻灯片传递核心、极简的信息。
⭐ 0· 218·0 current·0 all-time
byAnderson Lu@anderson-lu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Markdown → large-poster HTML slides) match the included assets (template.html and style.css) and SKILL.md instructions. No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
SKILL.md explicitly limits runtime actions to reading assets/template.html and assets/style.css, mapping Markdown to <section> slides, injecting the generated sections and CSS, and producing a single index.html with no external dependencies. One omission: the instructions do not mention sanitizing user-provided Markdown/HTML. If the agent converts raw Markdown that allows embedded HTML, the resulting index.html could include attacker-controlled <script> or other active content (XSS) — this is an implementation detail the user should check before hosting or sharing the generated file.
Install Mechanism
Instruction-only skill with no install spec and no downloaded code. Lowest-risk installation footprint.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or system access.
Persistence & Privilege
always is false, no special persistence requested, and the skill does not attempt to modify other skills or system-wide agent settings. Autonomous invocation is allowed by default but is typical and not combined with other red flags.
Assessment
This skill appears to do exactly what it claims: produce a standalone index.html slide deck from Markdown using the provided template and CSS, without external network calls or credentials. Before installing/using it: 1) Preview the generated index.html locally rather than hosting it publicly, especially if you convert untrusted Markdown — ensure the conversion step strips/escapes HTML to avoid XSS. 2) Confirm your agent/runtime won’t silently read other files or transmit files over the network; the skill's instructions only reference bundled assets, but runtime privileges vary by environment. 3) If you plan to share the pages, review the output for any embedded scripts or external resource links. If you want, I can suggest safe Markdown-to-HTML sanitization rules or review a sample generated index.html for unsafe content.Like a lobster shell, security has layers — review code before you run it.
latestvk973qxhzbkc3mbc0k51qsdamth82p8xz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.