Slide Maker

Review

Audited by ClawScan on May 10, 2026.

Overview

Slide Maker mostly generates local Markdown slides, but one included script keeps a persistent local history of user inputs without clear disclosure.

Review the local history behavior before installing. The visible artifacts do not show credential theft, network exfiltration, or destructive actions, but sensitive slide topics, pitch content, or business report details could be written to local logs and reused or exported later.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Presentation topics, draft text, pitch details, or report data typed into the tool may remain on disk and be shown or exported later.

Why it was flagged

The script creates a persistent local data directory and appends user-provided command input to logs/history.

Skill content

DATA_DIR="${HOME}/.local/share/slide-maker"
...
echo "$ts|$input" >> "$DATA_DIR/draft.log"
...
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }

Recommendation

Use with non-sensitive content unless local history retention is acceptable. The publisher should disclose the storage, add opt-in/disable and cleanup controls, and document where data is kept.

What this means

The skill may fail or behave differently on systems without Python, and users should treat it as code-backed rather than purely instructional.

Why it was flagged

The artifact includes runnable shell code that invokes Python even though the registry requirements declare no required binaries and there is no install spec.

Skill content

python3 << 'PYEOF'

Recommendation

Declare the runtime dependency and entrypoint clearly, or keep the skill truly instruction-only.