PPT Creation

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: dragon-ppt-maker
Version: 1.0.0

The `ppt_maker.py` script is suspicious due to an arbitrary file write vulnerability. The `--output` command-line argument is directly used as the filename for `prs.save()`, allowing a user or an agent to specify an arbitrary file path (e.g., via path traversal) to write the generated PPTX file to any location on the file system where the process has write permissions. While the content written is a PPTX file, this lack of input sanitization for file paths is a significant security flaw.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill's dependencies may add third-party code to the user's Python environment.

Why it was flagged

The skill asks the user to install third-party Python packages. This is purpose-aligned for generating PPTX files and handling images, but it is still external package installation.

Skill content

pip install python-pptx pillow

Recommendation

Install dependencies from a trusted package index, preferably in a virtual environment, and pin package versions if reproducibility or stricter security is needed.