Slides

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.

This appears safe to use for presentation work if you are comfortable with local slide memory. Review what gets saved under ~/slides/, approve any external tool installs, use least-privilege Google Slides credentials if cloud editing is needed, and inspect the raw source if the Unicode-control-character warning concerns you. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Presentation preferences and project details may remain on the device and be reused in future slide tasks.

Why it was flagged

The skill intentionally persists slide-related memory for future use. This is disclosed and purpose-aligned, but it can store project context, style preferences, and client/brand details that may influence later work.

Skill content

Projects and styles stored in `~/slides/` ... `memory.md` ... `styles/` ... `projects/` ... `templates/`

Recommendation

Store only information you are comfortable keeping locally, periodically review ~/slides/, and avoid putting secrets or highly confidential material in style or project memory files.

What this means

If Google Slides mode is used, the agent may act on presentations accessible to the provided credential.

Why it was flagged

The Google Slides API example uses a service-account credential with presentation access. This is expected if the user chooses Google Slides, but it grants delegated authority to create or update cloud presentations.

Skill content

`SCOPES = ['https://www.googleapis.com/auth/presentations']` ... `Credentials.from_service_account_file('creds.json', scopes=SCOPES)`

Recommendation

Use a dedicated, least-privileged Google credential, restrict access to the specific decks or workspace needed, and review changes before sharing or publishing.

What this means

Installing global or npx-based slide tools can run third-party code on the user’s machine.

Why it was flagged

The tool documentation includes user-directed installation and execution of external npm packages. This is central to slide generation/export workflows, but the artifacts do not pin package versions.

Skill content

`npm install -g @marp-team/marp-cli` ... `npm install -g decktape` ... `npx slidev slides.md`

Recommendation

Approve package installs explicitly, prefer pinned versions where possible, and install tools in an isolated project or environment.

What this means

Obfuscated characters can sometimes hide or visually alter instructions, although no harmful instruction is visible in the provided artifact text.

Why it was flagged

The scan reported Unicode control characters associated with possible prompt obfuscation. The visible neutralized SKILL.md content is coherent and does not contain an instruction override, so this is not treated as a concern.

Skill content

Pre-scan injection signals ... `unicode-control-chars`

Recommendation

If installing from the original source, inspect the raw SKILL.md for unusual hidden characters before trusting unexpected instructions.