HML Google Slides
v1.0.0Create, edit, and export Google Slides presentations. Use when creating new presentations, adding or updating slides, reading slide content, exporting to PDF...
⭐ 0· 406·0 current·0 all-time
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description (Google Slides create/edit/export) matches the code and instructions: the script uses the Slides and Drive APIs and the SKILL.md documents expected commands. However the skill uses the external 'gog' CLI and reads gog's credentials file (~/.config/gogcli/credentials.json) even though the registry metadata declares no required binaries or config paths — a mismatch between declared requirements and actual needs.
Instruction Scope
SKILL.md instructs running gog commands and a re-auth that requests wide scopes (gmail,calendar,drive,docs,sheets,contacts,tasks,people). The runtime instructions and scripts perform token export via `gog auth tokens export`, read local credential files, and refresh OAuth tokens — actions beyond simply calling Slides APIs. The skill also hardcodes the account 'david@hml.tech' as the default, which is unexpected and could lead to confusion or accidental use of another user's account.
Install Mechanism
No install spec (instruction-only plus a bundled script). That minimizes supply-chain install risk. The script does call external CLI ('gog') at runtime instead of installing anything itself.
Credentials
The script reads sensitive local state: it exports tokens to /tmp/gog_slides_token.json and reads ~/.config/gogcli/credentials.json (client_id and client_secret) to refresh OAuth tokens. The registry declared no required env or config paths, yet the code depends on them. SKILL.md also suggests re-authenticating with many Google scopes (including Gmail), which is broader than strictly necessary for Slides/Drive and is disproportionate unless explicitly justified. The default GOG_ACCOUNT value (david@hml.tech) is hardcoded and surprising.
Persistence & Privilege
The skill is not always-enabled and doesn't request special platform-level persistence. It doesn't modify other skills or system-wide settings. It does, however, read and write token data to /tmp and user config, which is normal for OAuth usage but should be noted.
What to consider before installing
This skill will use the 'gog' CLI and your gog-stored OAuth credentials to act on Google Slides and Drive. Before installing, confirm: (1) you trust the skill author and the default account (the code defaults to david@hml.tech unless you set GOG_ACCOUNT); (2) you are comfortable that the script will export and read refresh tokens and client_id/client_secret from ~/.config/gogcli/credentials.json (the skill metadata did not declare this); (3) the recommended re-auth command requests wide Google scopes (gmail, calendar, etc.) — only grant scopes you intend. If you proceed, set GOG_ACCOUNT to your own account, inspect ~/.config/gogcli/credentials.json contents and permissions, and consider running the skill in an isolated or throwaway environment. Ask the publisher to update metadata to declare the required 'gog' binary and the config path, and to explain why broad scopes and the hardcoded default account are necessary.Like a lobster shell, security has layers — review code before you run it.
googlehmllatestpresentationslides
Google Slides
Uses the gog CLI for basic operations and scripts/slides.py for advanced edits (adding/editing slide content via the Slides API).
Auth Check
Before any Slides operation, verify auth is working:
gog slides info <any-presentation-id> --account david@hml.tech
If it fails, re-auth: gog auth add david@hml.tech --services gmail,calendar,drive,docs,sheets,contacts,tasks,people
Core Commands (via gog)
# Create a new blank presentation
gog slides create "My Presentation" --account david@hml.tech --json
# Get info about a presentation (slide count, title, etc.)
gog slides info <presentationId> --account david@hml.tech --json
# Export to PDF
gog slides export <presentationId> --format pdf --out /tmp/deck.pdf --account david@hml.tech
# Export to PPTX
gog slides export <presentationId> --format pptx --out /tmp/deck.pptx --account david@hml.tech
# Copy a presentation (e.g., to use a template)
gog slides copy <presentationId> "Copy Title" --account david@hml.tech --json
Adding/Editing Slide Content (via scripts/slides.py)
For adding text slides, batch updates, and reading full content, use scripts/slides.py.
# Add a text slide with title and bullet body
python3 scripts/slides.py add-slide <presentationId> \
--title "Slide Title" \
--body "• Bullet point one\n• Bullet point two"
# Add a slide at a specific position (0-indexed)
python3 scripts/slides.py add-slide <presentationId> --title "Intro" --insert-at 0
# Run arbitrary batch update requests from a JSON file
python3 scripts/slides.py batch <presentationId> requests.json
# Export via script
python3 scripts/slides.py export <presentationId> --format pdf --out /tmp/deck.pdf
# List comments with their anchors (e.g. which slide they are on)
python3 scripts/slides.py list-comments <presentationId>
# Resolve a comment and optionally leave a reply message
python3 scripts/slides.py resolve-comment <presentationId> <commentId> --reply "Fixed!"
Building a Deck from Scratch
Typical workflow:
- Create presentation:
gog slides create "Title" --json→ getpresentationId - Add slides one by one using
scripts/slides.py add-slide - For rich content (images, shapes, formatting), write batch requests to a JSON file and run
scripts/slides.py batch - Export:
gog slides export <id> --format pdf --out /tmp/deck.pdf
For complex batch requests (images, shapes, text formatting), see references/batch_requests.md.
Getting Presentation ID
From a Google Slides URL:
https://docs.google.com/presentation/d/**<presentationId>**/edit
Notes
gog slidesuses the Drive API under the hood (no separate Slides scope needed)scripts/slides.pyuses the Google Slides API directly and requires working gog auth tokens- Set
GOG_ACCOUNT=david@hml.techin env to skip--accountflag
Comments
Loading comments...