Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ppt pro
v9.7.0专业 PPT 演示文稿全流程 AI 生成助手。模拟顶级 PPT 设计公司的完整工作流 (需求调研 -> 资料搜集 -> 大纲策划 -> 策划稿 -> 设计稿),输出高质量 HTML 格式演示文稿并可转换为可编辑 PPTX。当用户提到制作 PPT、做演示文稿、做 slides、 做幻灯片、做汇报材料、做培训课件、做...
⭐ 1· 38·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (full pipeline HTML -> editable PPTX) aligns with provided assets: extraction (Node/Puppeteer), HTML->PNG (Playwright/Puppeteer), assembly (python-pptx), font embedding, chart building and WPS conversion scripts. Declared runtime requirements (python3 + node) match the code.
Instruction Scope
SKILL.md confines work to the skill directory and user-provided materials and describes a 6-step pipeline (research -> generate -> assemble). It explicitly requires user confirmation at key stops and references only local files, web searches for content gathering, and internal reference docs. There are no instructions to read unrelated system secrets or external private config files.
Install Mechanism
No formal install spec is declared (instruction-only), but shipped scripts will invoke system tooling at runtime: npm install puppeteer (if Puppeteer needed), Playwright may require 'playwright install chromium', and documentation suggests optional OS-level package installs for WPS. These are common for screenshot tooling but do perform network downloads and write to disk.
Credentials
The skill requests no environment variables, no credentials, and no external config paths. Scripts read local fonts and write output under a user output directory (ppt-output/png/etc.), which is appropriate for the stated functionality.
Persistence & Privilege
Skill is not always-enabled and contains no declarations to alter other skills or global agent config. It can run code and subprocesses locally (normal for file-generation skills) but does not request elevated or persistent platform privileges in metadata.
Assessment
This skill appears coherent with its description, but it runs local scripts and may install browser tooling (puppeteer/playwright) which will download packages and browser binaries. Before installing or running: (1) review scripts (setup.sh, html2png.py, extract_slides.js, setup instructions) and decide whether to run them in an isolated/sandboxed environment; (2) be prepared for large downloads (Chromium) and npm/pip activity; (3) do not run sudo/dpkg steps from documentation unless you trust and inspect the .deb source; (4) ensure you don't point the skill at directories containing sensitive files (it reads local fonts and user-specified input paths); and (5) if you need a stricter security posture, run the pipeline inside a VM or container and inspect network activity during first use.scripts/html2pptx.js:70
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk977wcpe6bxk8xwmxp9jg5y13d84t2ma
License
MIT-0
Free to use, modify, and redistribute. No attribution required.