Ppt Deck Master

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Text included in slide prompts can leave the local machine and be processed by Ofox or OpenRouter.

Why it was flagged

Slide prompt content is sent to external image/model providers for generation. This is disclosed and purpose-aligned, but prompts may contain private client or business material.

Skill content

"prompt": prompt ... "https://api.ofox.ai/v1/images/generations" ... "https://openrouter.ai/api/v1/chat/completions"

Recommendation

Do not include confidential material unless the provider terms and your organization allow it; redact sensitive client data when possible.

What this means

Your provider account may be charged for image generations, and the key grants access according to that provider’s permissions.

Why it was flagged

The generator uses Ofox/OpenRouter API keys as bearer tokens. This is expected for the advertised integration, but the registry metadata lists no required env vars.

Skill content

key = os.environ.get("OFOX_API_KEY") or os.environ.get("OPENROUTER_API_KEY") ... "Authorization": f"Bearer {api_key}"

Recommendation

Use a dedicated low-limit API key, set spending limits if available, and avoid pasting API keys into prompts or shared files.

What this means

Running the helper will make network requests and write generated images/PPTX files locally.

Why it was flagged

The documented workflow requires running a local Python helper and optionally installing a package. This is central to the skill’s purpose and is user-directed, not hidden.

Skill content

python3 scripts/generate_deck.py ... python3 scripts/generate_deck.py --assemble ... Dependency: `pip install python-pptx`

Recommendation

Review the script, run it from the skill directory or a virtual environment, and install dependencies from a trusted package index.

What this means

A future dependency version could behave differently or introduce compatibility/security issues.

Why it was flagged

The optional PPTX assembly step uses an unpinned external Python package. This is normal for the feature, but it leaves dependency version selection to the user’s environment.

Skill content

Dependency: `pip install python-pptx` (only needed for assembly)

Recommendation

Prefer a virtual environment and, for repeatable use, pin a known-good python-pptx version.