kai-slide-creator
PassAudited by ClawScan on May 1, 2026.
Overview
This looks like a coherent local HTML slide-generation skill, with a few low-level things to notice such as persistent planning files, browser-based editing, external font links in demos, and an unexplained OAuth capability signal.
Before installing, confirm you are comfortable with a skill that creates and edits local HTML slide files, reuses PLANNING.md as generation context, and may produce browser-interactive decks. Be cautious if any OAuth permission prompt appears, because the provided artifacts do not explain a need for account access.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If PLANNING.md is stale, unintended, or modified by someone else, the generated slides may follow that content.
The skill deliberately reuses a persistent local planning file as the source of truth for generation.
PLANNING.md 已存在 → 读取并作为真相源,跳至 Phase 3
Review PLANNING.md before running generation, especially in shared or reused project folders.
Opening generated slides runs the slide deck’s browser-side HTML/CSS/JavaScript features, which is expected for this skill but worth knowing before sharing or opening files from others.
Generated presentations are intended to include interactive browser behavior for editing and saving.
浏览器内编辑 — E 键进入编辑模式,Ctrl+S 保存
Open generated HTML files from trusted projects only, and review the output before distributing it.
Decks using similar font links may not be fully offline and may contact a third-party font service when viewed.
At least one included demo presentation loads fonts from Google, creating an external browser request when opened.
<link rel="preconnect" href="https://fonts.googleapis.com">
If offline operation or strict privacy is required, remove external font links or replace them with local/system fonts in generated presentations.
The provided instructions do not explain why OAuth would be needed for a slide generator, so users should notice any permission prompt that appears.
The capability signal mentions OAuth even though the registry requirements declare no primary credential or required environment variables.
requires-oauth-token
Do not grant OAuth access unless the installer or runtime clearly explains which account, scopes, and actions are required.