help you to make annual work summary ppt
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ai-ppt-maker Version: 1.0.0 The skill dynamically generates a Node.js script (`/tmp/gen_annual_ppt.mjs`) based on user-provided content (name, work achievements, plans) and then executes this script using `node`, as described in `SKILL.md`. This method introduces a significant code injection vulnerability (RCE risk) if user input is not rigorously sanitized before being embedded into the generated Node.js script or passed as arguments to the `node` command. While the skill's stated purpose is benign (PPT generation), the implementation method creates a critical security flaw that could be exploited for arbitrary code execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run a generated script on the local environment to create the presentation file.
The skill tells the agent to create and execute a Node.js script. This is disclosed and aligned with generating a PPT, but it is still local code execution.
“生成脚本 — 根据整理后的内容,编写完整的 pptxgenjs Node.js 脚本” / “执行生成 — 使用 `exec` 工具运行脚本生成 .pptx 文件”
Keep the generated script limited to PPT creation and avoid adding unrelated shell commands or file access.
The behavior depends on the current npm package contents available when the skill runs.
The skill installs an npm dependency at runtime without a pinned version or lockfile. This is expected for the stated PPT-generation method, but users should notice the external package dependency.
“npm install pptxgenjs --prefix /tmp/pptx-pkg”
Prefer a pinned pptxgenjs version or a reviewed dependency lockfile if this skill will be used in a controlled or sensitive environment.
Work-summary content may leave the local workspace and become accessible through a generated download link.
The generated PPT, which may include work achievements and business details provided by the user, is uploaded to a CDN and shared through Feishu or the current channel. This is disclosed and purpose-aligned, but it crosses a data-sharing boundary.
“上传CDN — 使用 `upload_to_cdn` 工具上传文件” / “发送用户 — 通过飞书或当前 channel 将下载链接发送给用户”
Before using it with confidential information, confirm the intended recipient, link visibility, and whether CDN sharing is acceptable.