ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PPT Generator

v1.0.0

生成HTML格式的PPT演示文稿。使用场景:(1) 用户需要创建可分享的网页版PPT;(2) 用户需要离线可用的演示文稿;(3) 用户提到"HTML PPT"、"网页PPT"、"在线PPT"等关键词。接收用户输入:PPT主题内容、风格参考资料(支持图片/文件上传)、目标受众,然后生成可下载的HTML文件。

1· 235·0 current·0 all-time
by@flyyue5
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description (HTML PPT generator) align with the instructions to produce a Reveal.js single-file HTML. However the SKILL.md also instructs the agent to call a specific external tool ('feishu_im_bot_image') and to fetch product images from apple.com.cn. The Feishu tool is not declared in the skill's requirements or metadata, and scraping apple.com.cn is not necessary for the stated core functionality — these steps are outside the clear scope and are unexplained.
!
Instruction Scope
Instructions explicitly tell the agent to '调用 feishu_im_bot_image 工具下载用户上传的图片参考' (call feishu_im_bot_image) and to obtain product images from apple.com.cn. The skill does not declare that tool or explain credentials/permissions. The instruction to fetch external site images gives the agent open-ended web-access behavior and potential scraping of third-party content, which is beyond the core task of formatting user-supplied content and is not constrained or justified.
Install Mechanism
No install specification or code files are present (instruction-only). This is lowest install risk — nothing is written to disk by an installer step.
Credentials
The skill declares no required environment variables or credentials — appropriate for its stated purpose. However, it references an external platform-specific tool (feishu_im_bot_image) which likely depends on platform capabilities or credentials not declared here; that mismatch should be clarified. Also fetching images from apple.com.cn may require no secret, but could raise copyright/privacy issues.
Persistence & Privilege
always is false and there is no indication the skill requests persistent or elevated privileges. It does not modify other skills or system config in the instructions.
What to consider before installing
This skill largely does what it says (create a Reveal.js HTML PPT), but the SKILL.md asks the agent to use an undeclared tool ('feishu_im_bot_image') to download uploads and to fetch product images from apple.com.cn. Before installing or using it, ask the publisher: (1) what is feishu_im_bot_image, why is it required, and what permissions/credentials does it need? (2) confirm whether the skill will actually access the public web (scraping) and whether your platform allows that; if so, what sites will be contacted? (3) how will uploaded images be handled/stored and can you review them before external fetching? If you cannot get clear answers, treat it as higher risk — test in a sandboxed environment and avoid supplying sensitive images or credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk979w3b28hfg7w3dhzpmehyp29834v4z
235downloads
1stars
1versions
Updated 3h ago
v1.0.0
MIT-0
@flyyue5
latest
Download

HTML PPT Generator

生成基于 Reveal.js 的HTML格式PPT演示文稿。

工作流程

1. 收集用户信息

向用户确认以下信息:

  1. PPT主要内容:要讲解的核心主题和要点
  2. 风格/参考资料:希望参考的视觉风格,支持上传图片和文件作为参考
  3. 目标受众:面向谁(决定内容深度和语言风格)

2. 收集完成后

调用 feishu_im_bot_image 工具下载用户上传的图片参考。

3. 生成PPT

基于用户提供的信息,生成HTML文件。PPT应包含:

  • 封面页(标题、副标题、演讲者信息)
  • 目录页
  • 内容页(根据主题要点展开,每页都要有相关的图标/图片)
  • 总结页
  • 结束页

视觉设计原则

  • 每页都要有相关的图片、图标或icon
  • 使用公开的图标库(如Font Awesome)丰富视觉效果
  • 如果有产品图片,尽量从官网获取真实产品图
  • 简洁专业的布局
  • 适合目标受众的视觉风格
  • 清晰的层次结构
  • 合理的配色

图标资源

4. 输出

将生成的HTML文件保存到本地,并将文件发送给用户。

使用的技术

  • Reveal.js: 流行的HTML演示框架
  • 单文件HTML,包含内联CSS和脚本
  • 支持键盘导航、过渡动画等功能

Comments

Loading comments...