slides-generation-skills
v1.0.0AI-powered presentation generation using 2slides API. Create slides from text content, match reference image styles, or summarize documents into presentations. Use when users request to "create a presentation", "make slides", "generate a deck", "create slides from this content/document/image", or any presentation creation task. Supports theme selection, multiple languages, and both synchronous and asynchronous generation modes.
⭐ 5· 1.7k·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description describe a presentation-generation integration and every required artifact matches that: scripts call https://2slides.com/api/v1, README/SKILL.md reference obtaining SLIDES_2SLIDES_API_KEY, and the three scripts implement search, generate, and job status endpoints. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
Runtime instructions are narrowly scoped to preparing content, calling the 2slides API, polling jobs, and optionally reading user-uploaded documents/images. The SKILL.md suggests using 'Read tools' or local PDF/DOCX readers to extract document text — that is expected for document summarization but requires the agent to access user-uploaded files. Also the MCP integration docs instruct editing a Claude Desktop config file and embedding an API key in a URL query parameter (see persistence/credential note below), which is an insecure practice and should be considered before following those steps.
Install Mechanism
There is no installer that downloads or executes third-party archives. The skill is instruction-only with plain Python scripts using the requests library. No remote install URLs, shorteners, or extracted archives are present in the package.
Credentials
Only one credential is required: SLIDES_2SLIDES_API_KEY, which is appropriate for an API-based service. The scripts only read that env var and do not attempt to access other system credentials, secrets, or config paths. Note: MCP docs mention an alternate env name/API-in-URL usage (API_KEY / apikey in query) — functionally related but less secure.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. However the MCP integration guide instructs editing a user-level Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json) and suggests embedding the API key in a URL query parameter for an HTTP-mode MCP server. Persisting an API key in that configuration file or in a URL query string exposes the key to anyone with access to that file or process listing and is a security/privacy risk. This is a usability/integration note rather than evidence of malicious intent.
Assessment
What to consider before installing/using this skill:
1) Coherence: The skill appears to do what it claims — its scripts only call 2slides API endpoints and require a single API key (SLIDES_2SLIDES_API_KEY). That is internally consistent.
2) Origin: The package/source is listed as unknown and there is no homepage. If you plan to provide an API key, prefer code from a known/trusted source or inspect the files locally before running them.
3) API key handling: The skill expects you to set SLIDES_2SLIDES_API_KEY in your environment. Do not paste your API key into publicly readable files or share it. The MCP guide suggests putting the key in a URL query string (https://.../api/mcp?apikey=KEY) — avoid that if possible because query-string keys can leak in logs and process listings. Prefer storing the key in a shell environment or a secrets manager and passing it to local processes securely.
4) Run in a safe environment first: If you are unsure about the origin, run the Python scripts in a sandbox or isolated environment and review network traffic to confirm they only talk to 2slides.com. The code is readable and not obfuscated, so a quick code review will surface unexpected behavior.
5) Least privilege & monitoring: Use a dedicated 2slides API key with minimal permissions if the service supports that, and monitor API usage/credits after first use in case of accidental misuse.
6) Document handling: If you use the document summarization feature, the agent or scripts will need access to the document contents; do not submit sensitive documents unless you accept sending their content to the 2slides service.
If you want, I can: (a) produce a short checklist to safely test this skill locally, (b) highlight exact lines in the scripts that perform network access, or (c) suggest secure ways to configure MCP integration that avoid embedding keys in URLs.Like a lobster shell, security has layers — review code before you run it.
latestvk9703d765r25fbmr645m69jt3180hg8p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.