Back to skill
Skillv1.0.0
VirusTotal security
Html2pptx Complete · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 17, 2026, 6:31 AM
- Hash
- d1d29ae484e531f0514405dd2712117f53b1ef8769c26d7d02819d6fbf373f87
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: html2pptx-complete Version: 1.0.0 The skill bundle contains significant security vulnerabilities that could be exploited, although no clear evidence of intentional malice was found. Specifically, `scripts/convert.js` uses `execSync` to execute shell commands with arguments derived from input paths, which poses a shell injection risk if filenames are not strictly controlled. Furthermore, `scripts/embed-css.py` resolves and reads local files based on `<link>` tags in the input HTML without path sanitization, enabling an arbitrary local file read (LFI) vulnerability. These flaws allow a user to potentially execute unauthorized commands or exfiltrate sensitive local files by providing a specially crafted HTML file.
- External report
- View on VirusTotal