Back to skill
Skillv1.1.0
ClawScan security
Markdown To Ppt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 27, 2026, 11:49 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files and runtime instructions match its stated purpose (converting Markdown to slides); it has no network calls or credential access and appears internally coherent.
- Guidance
- This skill appears to do what it says: convert Markdown to slides. Before running, inspect the script (already included) and run it in a safe environment. If you want .pptx output, install python-pptx (pip install python-pptx); otherwise the script will write an HTML file. Invoke it as python scripts/md2ppt.py or move/make the script executable so the usage example matches. Because it writes files provided by you, avoid running it on untrusted Markdown if you're concerned about data handling, and don't expect it to access network services or your credentials.
Review Dimensions
- Purpose & Capability
- okName and description are a Markdown->PPT converter and the included script implements exactly that. No unrelated binaries, credentials, or config paths are requested.
- Instruction Scope
- noteSKILL.md usage is appropriately scoped to converting Markdown to slides. Minor issues: the usage example shows invoking md2ppt.py directly but the actual file is scripts/md2ppt.py (user will need to run it with the correct path or make it executable). The instructions do not direct the agent to read unrelated system files, network endpoints, or environment variables.
- Install Mechanism
- noteThere is no install spec (instruction-only + bundled script). The script optionally depends on python-pptx to produce .pptx output; that dependency is not declared in SKILL.md. This is not malicious but users should know they may need to pip-install python-pptx to get PowerPoint output instead of the HTML fallback.
- Credentials
- okThe skill requests no environment variables or credentials. The code reads only user-supplied Markdown and writes local output files; there is no access to external secrets or unrelated config.
- Persistence & Privilege
- okThe skill does not request persistent/always-on privileges and makes no changes to other skills or global agent settings.