Presentation Agent
PassAudited by ClawScan on May 1, 2026.
Overview
This looks like a purpose-built Markdown-to-slides converter, but it runs local rendering tools and allows local files during conversion, so use it with trusted Markdown and assets.
Before installing, make sure you trust the global Marp/Mermaid tools on your machine and only convert Markdown or assets you trust, especially because rendering allows local files and HTML for slide themes and diagrams.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Slide generation will run whatever global Marp and Mermaid CLI versions are present on the machine.
The skill depends on host-global npm tools rather than a pinned install spec; this is expected for Marp/Mermaid conversion but users should verify the installed tools' provenance and versions.
- `@marp-team/marp-cli` (npm global) - `@mermaid-js/mermaid-cli` (npm global) - Both already installed on this host.
Install or verify trusted versions of `@marp-team/marp-cli` and `@mermaid-js/mermaid-cli` before using the skill.
A Markdown file with local file references or embedded HTML can influence what the local renderer loads into the output.
The renderer is intentionally allowed to process HTML and local file references so local themes and assets work; this is purpose-aligned, but it broadens what a Markdown deck can cause the renderer to load.
marp "${TMPMD}" --pdf -o "${OUTPUT}" --allow-local-files --html --theme-set "${THEME_DIR}/frexida.css"Use this with Markdown and assets you trust, and review file/image/script references before converting third-party decks.
Creating data graphs may involve local code execution as part of producing the slide assets.
The instructions may lead the agent to execute local plotting code to create graph images; that is coherent with data visualization but should not be used to run untrusted code snippets.
For matplotlib/plotly graphs, generate PNG first via `exec`, then embed as `` in the Markdown.
Have the agent generate plotting code from trusted data, and avoid executing code copied from untrusted Markdown or external sources.