help you to make annual work summary ppt
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—make and share a year-end PPT—but it will run local Node commands and upload the generated work-summary file to a sharing channel.
This skill is reasonable for generating a year-end summary PPT. Use caution with confidential company information because the final file is uploaded and shared by link, and be aware that the workflow includes installing an npm library and running a generated Node.js script.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run a generated script on the local environment to create the presentation file.
The skill tells the agent to create and execute a Node.js script. This is disclosed and aligned with generating a PPT, but it is still local code execution.
“生成脚本 — 根据整理后的内容,编写完整的 pptxgenjs Node.js 脚本” / “执行生成 — 使用 `exec` 工具运行脚本生成 .pptx 文件”
Keep the generated script limited to PPT creation and avoid adding unrelated shell commands or file access.
The behavior depends on the current npm package contents available when the skill runs.
The skill installs an npm dependency at runtime without a pinned version or lockfile. This is expected for the stated PPT-generation method, but users should notice the external package dependency.
“npm install pptxgenjs --prefix /tmp/pptx-pkg”
Prefer a pinned pptxgenjs version or a reviewed dependency lockfile if this skill will be used in a controlled or sensitive environment.
Work-summary content may leave the local workspace and become accessible through a generated download link.
The generated PPT, which may include work achievements and business details provided by the user, is uploaded to a CDN and shared through Feishu or the current channel. This is disclosed and purpose-aligned, but it crosses a data-sharing boundary.
“上传CDN — 使用 `upload_to_cdn` 工具上传文件” / “发送用户 — 通过飞书或当前 channel 将下载链接发送给用户”
Before using it with confidential information, confirm the intended recipient, link visibility, and whether CDN sharing is acceptable.