Skill v1.0.5
ClawScan security
Awesome Deck Pdf Check · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 3:25 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and dependencies are consistent with its stated purpose (convert/design HTML slides and export via Puppeteer); no unexplained credentials or hidden endpoints were found, but it requires installing Puppeteer/Chromium and will perform web fetches and local file I/O.
- Guidance: What to consider before installing:
  - The skill is internally coherent: it needs Puppeteer (Node) and python-pptx (Python) to implement its features. Installing it will likely run 'npm install puppeteer', which downloads a bundled Chromium; make sure you are comfortable installing both packages and accepting the Chromium download.
  - The Node script (export_pdf.js) reads a local HTML file, creates a temporary _pdf_pages/ directory, writes PNGs and a temporary HTML file, produces slides.pdf, and cleans up. Review the script if you want to confirm there is no additional behavior.
  - The skill may perform network fetches (Puppeteer webpage screenshots and style extraction). That is expected for the 'clone a website style' feature, but it means the browser will load whatever URLs you provide, including any third-party resources those pages reference. No remote exfiltration endpoints were found in the codebase.
  - The script launches Chrome with '--no-sandbox', which turns off Chromium's process isolation: a renderer compromised by malicious HTML or a fetched page would run with the full privileges of the user running the script. Run it in a trusted environment, or inside a container/VM, if you handle sensitive data or untrusted HTML.
  - SKILL.md contains explicit, high-priority instructions to the agent (the mandatory confirmation gates). This is intentional for the workflow but resembles prompt-override patterns; if you integrate this skill into an agent with other skills, make sure it cannot unintentionally override higher-level prompts or policies.
  - Practical steps: review export_pdf.js locally, run the skill on non-sensitive test inputs first, install dependencies in an isolated environment (container/VM), and avoid supplying confidential content until you are comfortable with its behavior.
- Findings
[system-prompt-override] expected: SKILL.md intentionally contains authoritative, high-priority workflow instructions (e.g., 'STOP — Read Before Doing Anything' and two mandatory confirmation gates). This looks like prompt-control text rather than covert injection, but similar patterns can be used to override agent/system prompts — be cautious when merging into multi-skill agents or when pasting into a system prompt.
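The guidance above asks the reader to review export_pdf.js locally, and the finding flags the authority-asserting instructions in SKILL.md. The script below is an added example, not the ClawHub scanner and not the skill's own code: a small pre-install audit that lists which capabilities a skill's Node script reaches for and which priority-claiming phrases its SKILL.md contains, so the reviewer can compare the result against what the scan report accounts for. The sample script and SKILL.md excerpt inside it are constructed stand-ins that mirror the behavior described on this page; the pattern lists and the 'expected capability' set are the author's assumptions, not a ClawHub rule set.

```javascript
// Added example, not the ClawHub scanner or the skill's own code: a local
// pre-install audit that lists the capabilities a skill's Node script reaches
// for and the authority-asserting instructions in its SKILL.md, so a reviewer
// can compare them against the behaviour the scan report describes.

// Capability patterns for the script. The ids listed in EXPECTED_FOR_THIS_SKILL
// are the behaviours the scan already accounts for (browser launch without a
// sandbox, navigation to user-supplied URLs, local file writes).
const SCRIPT_PATTERNS = [
  { id: 'no-sandbox', re: /--no-sandbox|--disable-setuid-sandbox/, note: 'Chromium launched without its sandbox' },
  { id: 'navigation', re: /\b(page\.goto|fetch|axios|https?\.(get|request))\s*\(/, note: 'browser navigation or outbound request' },
  { id: 'fs-write', re: /\bfs\.(writeFile|writeFileSync|mkdir|mkdirSync|rm|rmSync|unlink|unlinkSync)\b/, note: 'writes or deletes local files' },
  { id: 'env-access', re: /\bprocess\.env\b/, note: 'reads environment variables (possible credential access)' },
  { id: 'child-process', re: /require\(\s*['"]child_process['"]\s*\)/, note: 'spawns subprocesses' },
  { id: 'raw-socket', re: /require\(\s*['"](net|dgram|tls)['"]\s*\)/, note: 'opens raw sockets' },
];

// Instruction patterns for SKILL.md: phrases that claim priority over other
// instructions. Expected in this skill's confirmation gates, but every hit
// should be read before the skill is merged into a multi-skill agent.
const PROMPT_PATTERNS = [
  { id: 'stop-gate', re: /\bSTOP\b.*\bbefore\b/i, note: 'hard stop before any action' },
  { id: 'mandatory', re: /\bmandatory\b/i, note: 'mandatory step or confirmation gate' },
  { id: 'override', re: /\b(ignore|disregard|override)\b.*\b(previous|prior|system|other)\b.*\b(instruction|prompt|rule)s?\b/i, note: 'asks the agent to override other instructions' },
  { id: 'precedence', re: /\b(highest|top) priority\b|\btakes? precedence\b/i, note: 'claims precedence over other prompts' },
];

// One finding per (line, pattern) hit, with the 1-based line number.
function scanLines(text, patterns) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    for (const p of patterns) {
      if (p.re.test(line)) findings.push({ id: p.id, line: i + 1, note: p.note, text: line.trim() });
    }
  });
  return findings;
}

function auditSkill({ script, skillMd }) {
  return { script: scanLines(script, SCRIPT_PATTERNS), instructions: scanLines(skillMd, PROMPT_PATTERNS) };
}

// Capability ids present in the script that the scan report did not account for.
function unexpectedCapabilities(report, expectedIds) {
  const expected = new Set(expectedIds);
  return [...new Set(report.script.map((f) => f.id))].filter((id) => !expected.has(id));
}

// Constructed stand-in for export_pdf.js that mirrors the behaviour the scan
// describes (read HTML, write _pdf_pages/, launch Chromium, emit slides.pdf,
// clean up); it is not the skill's real script.
const SAMPLE_SCRIPT = [
  "const puppeteer = require('puppeteer');",
  "const fs = require('fs');",
  "const path = require('path');",
  'async function exportPdf(input) {',
  "  const html = fs.readFileSync(input, 'utf8');",
  "  fs.mkdirSync('_pdf_pages', { recursive: true });",
  "  const browser = await puppeteer.launch({ args: ['--no-sandbox', '--disable-setuid-sandbox'] });",
  '  const page = await browser.newPage();',
  "  await page.goto('file://' + path.resolve(input));",
  "  await page.screenshot({ path: '_pdf_pages/slide-1.png' });",
  "  await page.pdf({ path: 'slides.pdf' });",
  "  fs.rmSync('_pdf_pages', { recursive: true });",
  '  await browser.close();',
  '}',
].join('\n');

// Constructed SKILL.md excerpt with the gate structure the scan flags.
const SAMPLE_SKILL_MD = [
  '# STOP - Read Before Doing Anything',
  'Gate 1: present the extracted design and wait for a mandatory confirmation.',
  'Gate 2: show the slide outline; confirmation is mandatory before running export_pdf.js.',
  'Then run: node export_pdf.js slides.html',
].join('\n');

// Assumed from the scan report: the behaviours it already explains.
const EXPECTED_FOR_THIS_SKILL = ['no-sandbox', 'navigation', 'fs-write'];

function runAudit() {
  const report = auditSkill({ script: SAMPLE_SCRIPT, skillMd: SAMPLE_SKILL_MD });
  return { report, unexpected: unexpectedCapabilities(report, EXPECTED_FOR_THIS_SKILL) };
}

console.log(JSON.stringify(runAudit(), null, 2));
```

Against a real bundle, read export_pdf.js and SKILL.md from disk and pass their contents to auditSkill; any id that unexpectedCapabilities returns (for instance env-access or child-process) is behavior the scan summary does not explain and should be read in full before installing.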
Review Dimensions
- Purpose & Capability
- ok: Name/description match the included files: SKILL.md documents extracting design from .pptx/screenshots/URLs/keywords, building an HTML deck, and exporting PDF. The included script (export_pdf.js) and references to python-pptx and Puppeteer are appropriate and justified for those tasks.
- Instruction Scope
- note: SKILL.md gives explicit, narrow instructions: extract design, present two mandatory confirmations, generate slides.html, then run export_pdf.js, which reads the local HTML and writes a PDF. It also instructs fetching webpages (Puppeteer screenshots / getComputedStyle) for style extraction, so network access is expected for that feature. The SKILL.md has a strong 'STOP' / confirmation gate structure (see scan finding) that appears intentional to control agent behavior and matches the workflow; it does not instruct reading unrelated system files or secrets.
- Install Mechanism
- note: There is no automated install spec in the registry entry (instruction-only skill), but the README/references recommend 'npm install puppeteer' and 'pip install python-pptx'. Puppeteer will typically download a bundled Chromium (normal for this use). The script launches Chrome/Chromium with '--no-sandbox' and related args; this is common in constrained CI/container environments where the setuid sandbox is unavailable, but it disables Chromium's process sandbox entirely rather than merely reducing it, so a compromised renderer is not contained. Run it in a trusted or isolated environment.
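The guidance and the Install Mechanism note both point at the same two risks: the '--no-sandbox' launch and the browser loading whatever URLs the user supplies. The block below is an added example, not code from the skill or from ClawHub, showing how a reviewer could run the export step with Chromium's sandbox kept on and the browser confined to the deck directory plus explicitly allowed origins. It assumes Puppeteer's launch(), setRequestInterception(), request.continue() and request.abort() API and a POSIX path layout; the FakePage class is a constructed stand-in used only so the policy can be exercised without Chromium installed.

```javascript
// Added example, not code from the skill or from ClawHub: run the export step
// with Chromium's sandbox kept on and the browser confined to the deck
// directory plus the origins the user explicitly supplied.
// Assumptions: Puppeteer's launch()/setRequestInterception()/request.continue()/
// request.abort() API, and POSIX paths.

// Flags the scanned script passes (or that a modified copy might pass) which
// remove isolation or expose remote control. Chromium's sandbox needs user
// namespaces or the setuid helper; if neither is available, fix the container
// rather than passing --no-sandbox.
const FORBIDDEN_FLAGS = new Set([
  '--no-sandbox',
  '--disable-setuid-sandbox',
  '--remote-debugging-port',
  '--remote-debugging-pipe',
  '--disable-web-security',
]);

function hardenedLaunchOptions(extraArgs = []) {
  const args = extraArgs.filter((a) => !FORBIDDEN_FLAGS.has(a.split('=')[0]));
  return { headless: true, args };
}

// Build the allow predicate for request interception. Local assets are allowed
// only under the deck directory (given as a file:// URL); remote assets only
// from allowed origins; data: URIs are allowed because they cannot carry data
// out; everything else (other files, blob:, ws:, ftp:) is denied.
function makeRequestPolicy({ deckDirUrl, allowedOrigins = [] }) {
  const root = new URL(deckDirUrl);
  const rootPath = root.pathname.endsWith('/') ? root.pathname : root.pathname + '/';
  const origins = new Set(allowedOrigins.map((o) => new URL(o).origin));
  return function allow(requestUrl) {
    let u;
    try { u = new URL(requestUrl); } catch (_) { return false; }
    // '..' segments are already collapsed by the URL parser, so a prefix check is safe.
    if (u.protocol === 'file:') return u.pathname.startsWith(rootPath);
    if (u.protocol === 'http:' || u.protocol === 'https:') return origins.has(u.origin);
    return u.protocol === 'data:';
  };
}

// Register the policy on a Puppeteer Page. Returns the setRequestInterception
// promise, which the caller awaits before page.goto(). Denied URLs are pushed
// to `blocked` so the reviewer can see what the deck tried to reach.
function attachPolicy(page, allow, blocked = []) {
  page.on('request', (req) => {
    if (allow(req.url())) req.continue();
    else { blocked.push(req.url()); req.abort('blockedbyclient'); }
  });
  return page.setRequestInterception(true);
}

// Real usage (requires puppeteer; shown as a comment so the file runs offline):
//   const browser = await puppeteer.launch(hardenedLaunchOptions());
//   const page = await browser.newPage();
//   const blocked = [];
//   await attachPolicy(page, allow, blocked);
//   await page.goto('file:///tmp/deck/slides.html');

// Constructed stand-in for a Puppeteer Page; it only mimics the three members
// attachPolicy uses, so the policy can be exercised without Chromium.
class FakePage {
  constructor() { this.handlers = {}; this.interception = false; }
  setRequestInterception(on) { this.interception = on; return Promise.resolve(); }
  on(event, fn) { this.handlers[event] = fn; }
  // Deliver one request to the registered handler and report its disposition.
  emit(url) {
    const req = {
      url: () => url,
      decision: null,
      continue() { this.decision = 'continue'; },
      abort(reason) { this.decision = 'abort:' + reason; },
    };
    this.handlers.request(req);
    return req.decision;
  }
}

function demo() {
  const allow = makeRequestPolicy({ deckDirUrl: 'file:///tmp/deck/', allowedOrigins: ['https://example.com'] });
  const page = new FakePage();
  const blocked = [];
  attachPolicy(page, allow, blocked);
  const decisions = {
    slides: page.emit('file:///tmp/deck/slides.html'),
    traversal: page.emit('file:///tmp/deck/../../etc/passwd'),
    styles: page.emit('https://example.com/theme.css'),
    exfil: page.emit('https://collector.invalid/upload?deck=slides'),
    inline: page.emit('data:image/png;base64,iVBORw0KGgo='),
  };
  return { decisions, blocked, interception: page.interception };
}

console.log(JSON.stringify(demo(), null, 2));
```

The allowed origins should be exactly the URLs the user handed to the 'clone a website style' step; anything the fetched page itself references (fonts, trackers, a collector endpoint) is blocked and listed, which is the visibility the scan's 'it will access URLs you provide' caveat asks for.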
- Credentials
- ok: The skill declares no required environment variables, no credentials, and no config paths. That matches its stated function; nothing requests unrelated secrets or broad environment access.
- Persistence & Privilege
- ok: Flags are default (always: false, user-invocable: true). The skill does not request permanent platform privileges nor modify other skills. It writes temporary files and the output PDF to the local working directory (expected).
