Slides Generator

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill’s slide-generation purpose is coherent, but it asks the agent to execute an unpinned live GitHub script and can install packages at runtime, so it should be reviewed before use.

Use this skill only if you are comfortable running local shell commands and downloading dependencies. Safer use would be to inspect and run the bundled script locally, pin any GitHub or package versions, and run it in a virtual environment or container.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The code executed on the user’s machine could change after review and may not match the script bundled with the skill.

Why it was flagged

The skill instructs execution of a shell script fetched live from the GitHub main branch, with no pinned commit, hash, or use of the included reviewed script file.

Skill content

bash <(curl -s https://raw.githubusercontent.com/hummingbot/skills/main/skills/slides-generator/scripts/generate_slides.sh) \

Recommendation

Prefer running the included local script after inspection, or pin the GitHub URL to a specific reviewed commit and verify integrity before execution.

What this means

Running the skill may modify the local development environment and download third-party code, which is expected for rendering but should not be silent to the user.

Why it was flagged

The script can install a Python package and invoke an npm package through npx during normal PDF generation.

Skill content

pip3 install fpdf2 --quiet ... npx --yes @mermaid-js/mermaid-cli --version

Recommendation

Run it in a virtual environment or container where possible, and pin dependency versions for repeatable, reviewable execution.

What this means

If the user chooses the wrong input or output path, the script may read unintended markdown or overwrite/create files at the selected location.

Why it was flagged

The skill correctly requires confirmation before generation, but the confirmed action is still a shell command that reads a chosen file and writes a PDF output.

Skill content

Wait for user confirmation before proceeding.

Recommendation

Confirm the slide outline, input file, and output PDF path before running the command.