Html2pptx Shape
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may add third-party packages and a browser binary to the user's environment.
The setup requires external Python dependencies and a Playwright browser runtime. This is disclosed and relevant to the skill, but it expands the local software supply chain.
pip3 install -r requirements.txt playwright install chromium
Install in a virtual environment, review requirements.txt, and consider pinning or verifying dependencies if using this in a sensitive environment.
Converting untrusted HTML could cause the converter to read local files named by stylesheet links, and those contents may enter the conversion process or embedded-HTML output.
The input HTML's stylesheet href controls which local CSS file is read and embedded. This is expected for CSS inlining, but untrusted HTML could reference unintended local paths.
css_path = Path(base_path) / css_href ... with open(css_path, 'r', encoding='utf-8') as f: css_content = f.read()
Convert only trusted HTML, inspect link and asset references before conversion, and prefer running the tool in a directory containing only the intended presentation assets.