HTML Interactive Presentation
PassAudited by ClawScan on May 11, 2026.
Overview
The skill is purpose-aligned for turning Markdown into an interactive presentation, but it relies on external media services and helper/build commands that users should verify before running.
This skill appears safe to install for its stated purpose, but treat the media-generation and build steps as commands you should approve. Before running it on sensitive Markdown, decide whether MiniMax/OpenAI/Azure/other providers may receive derived text, and verify any referenced helper scripts or external skill dependencies.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running these commands can modify files in the project directory and execute helper scripts if they exist.
The documented workflow asks the agent/user to run shell, npm, and build commands that create project files and media assets. This is expected for scaffolding and building a web presentation, but it is still local code execution.
bash <skill-path>/scripts/scaffold.sh ./presentation --theme=<selected-theme> ... npm run extract-narrations ... bash scripts/synthesize-audio.sh ... npx vite build
Review the helper scripts and generated package files before running them, and run the workflow in a dedicated project directory or sandbox.
The final behavior depends partly on external or missing helper code, so the reviewed files alone do not prove what those helpers will do.
The skill depends on external tooling or another skill for scaffolding and components, while the reviewed artifact set contains only README.md and SKILL.md. That means the executable helper code is not reviewable in this package.
- Node.js 18+ - [web-video-presentation](https://github.com/ConardLi/garden-skills) skill(提供了脚手架和基础组件)
Install helper scripts only from a trusted source, inspect them before execution, and prefer pinned or reviewed dependencies.
Users may need to provide API credentials to MiniMax, OpenAI, Azure, ElevenLabs, or similar services for full media generation.
These media-generation integrations commonly require provider accounts or API keys, but the registry metadata declares no primary credential or environment variables. This appears expected and optional, not hidden.
| 配图生成 | MiniMax CLI (`mmx image`) | OpenAI DALL-E / Stable Diffusion / 跳过用 placeholder | | 口播合成 | MiniMax CLI (`mmx speech`) | OpenAI TTS / Edge TTS / Azure / ElevenLabs / 跳过 |
Use least-privileged API keys, keep secrets out of generated project files, and skip or replace provider integrations when credentials are not available.
If the source Markdown contains private or confidential information, parts of it may be sent to third-party media services during image or audio generation.
The skill sends image descriptions and narration text to external media-generation providers. This is disclosed and aligned with the presentation-generation purpose, but it may include content derived from the user's Markdown article.
mmx image "<描述>" && mv image_001.jpg public/img/<name>.jpg ... bash scripts/synthesize-audio.sh # mmx speech 逐段合成 mp3
Use placeholders or local/offline tools for sensitive documents, and review provider privacy terms before sending private content.