suspicious.dangerous_exec
- Location
- scripts/html2pptx.js:70
- Finding
- Shell command execution detected (child_process).
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may run local commands while converting slide outputs, so malformed or untrusted file paths or other inputs could increase the risk of local command execution.
The static scan shows shell command execution (child_process) in the HTML-to-PPTX conversion path. This is consistent with a local conversion pipeline, but shell execution is a sensitive capability: if a file path or other input reaches the command line unescaped, it can inject additional commands.
execSync(
Use the skill in a trusted working directory, review the generated conversion commands where possible, and avoid passing untrusted HTML or unusual, shell-sensitive paths.
If malicious HTML were rendered, any scripts it contains would execute in the headless browser during screenshot extraction.
The skill renders HTML slides in a headless browser with the Chromium sandbox disabled (--no-sandbox, --disable-setuid-sandbox). This is common in screenshot pipelines, typically when running as root in a container, but it removes the isolation that would contain a renderer compromise, so rendering should be limited to trusted or generated HTML.
puppeteer.launch({
headless: "new",
args: ["--no-sandbox", "--disable-setuid-sandbox", "--disable-gpu", "--font-render-hinting=none"],
});
Only render trusted or freshly generated slide HTML, and avoid feeding arbitrary third-party HTML into the conversion pipeline.
Installation may require additional local runtimes or packages that are not captured in the registry requirements.
The skill declares Python and Node requirements in SKILL.md, while the registry section says there are no required binaries and no install spec. This is an under-declared setup/dependency surface.
compatibility: Requires python3 and node. Linux/macOS/Windows.
Before use, verify Python, Node, and package dependencies from the included manifests/scripts, and prefer pinned dependency installation where available.
Private workspace documents or knowledge-base material could be used in generated slides if those sources are available to the agent.
The skill instructs the agent to use all available retrieval sources, including documents and knowledge bases. This is aligned with research for presentations, but it can pull private or irrelevant context if not scoped.
**2b. Parallel search**: search engines, URLs, documents, knowledge bases, whatever is available, use it all.
Tell the agent which sources, folders, documents, or knowledge bases are allowed, and review the resulting citations/content before sharing the PPT.
Slide requirements and source context may be shared with parallel sub-agents during generation.
The skill can automatically use sub-agents for planning and HTML generation when an Agent/subagent tool is available. This is purpose-aligned parallelization, but it expands where task context may be sent.
**Sub-agent / parallel agents** (Agent tool / subagent) | available -> Step 4 planning and Step 5c HTML generation run in parallel mode; missing -> fall back to page-by-page serial generation
For sensitive presentations, confirm whether sub-agent mode is enabled and request serial generation if you want to minimize context sharing.