ppt pro
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: ppt-pro Version: 9.7.0 The 'ppt-pro' skill is a highly sophisticated and well-documented tool for generating professional PowerPoint presentations through a multi-stage AI pipeline. It utilizes a combination of Python (python-pptx, lxml) and Node.js (Puppeteer) to handle content planning, HTML rendering, and OOXML assembly. While the bundle includes scripts that perform environment setup (setup.sh), execute system commands (html2pptx.js), and modify local configurations (wps_convert.py for WPS Office EULA), these actions are transparently documented and necessary for the tool's advanced functionality. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found; the complexity of the scripts and instructions is entirely consistent with the stated goal of simulating a high-end design agency workflow.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may run local commands while converting slide outputs, so malformed or untrusted file paths/inputs could increase local execution risk.
The static scan shows shell command execution in the HTML-to-PPTX conversion path. This is consistent with a local conversion pipeline, but shell execution is a sensitive capability.
execSync(
Use the skill in a trusted working directory, review generated conversion commands if possible, and avoid passing untrusted HTML or unusual shell-sensitive paths.
If malicious HTML were rendered, browser-based scripts would execute during screenshot extraction.
The skill renders HTML slides in a headless browser with sandboxing disabled. This is common for screenshot pipelines but should be limited to trusted/generated HTML.
puppeteer.launch({
headless: "new",
args: ["--no-sandbox", "--disable-setuid-sandbox", "--disable-gpu", "--font-render-hinting=none"],
});Only render trusted or freshly generated slide HTML, and avoid feeding arbitrary third-party HTML into the conversion pipeline.
Installation may require additional local runtimes or packages that are not captured in the registry requirements.
The skill declares Python and Node requirements in SKILL.md, while the registry section says there are no required binaries and no install spec. This is an under-declared setup/dependency surface.
compatibility: Requires python3 and node. Linux/macOS/Windows.
Before use, verify Python, Node, and package dependencies from the included manifests/scripts, and prefer pinned dependency installation where available.
Private workspace documents or knowledge-base material could be used in generated slides if those sources are available to the agent.
The skill instructs the agent to use all available retrieval sources, including documents and knowledge bases. This is aligned with research for presentations, but it can pull private or irrelevant context if not scoped.
**2b. 并行搜索** — 搜索引擎、URL、文档、知识库等凡可用尽用。
Tell the agent which sources, folders, documents, or knowledge bases are allowed, and review the resulting citations/content before sharing the PPT.
Slide requirements and source context may be shared with parallel sub-agents during generation.
The skill can automatically use sub-agents for planning and HTML generation when an Agent/subagent tool is available. This is purpose-aligned parallelization, but it expands where task context may be sent.
**Sub-agent / 并行代理**(Agent tool / subagent) | 可用 -> Step 4 策划和 Step 5c HTML 生成启用并行模式;缺失 -> 退回逐页串行
For sensitive presentations, confirm whether sub-agent mode is enabled and request serial generation if you want to minimize context sharing.