Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Markdown to PPT (Smart Layout)

v1.1.0

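Intelligent Markdown to PPT. Automatically analyzes content structure, paginates intelligently, designs the layout of each page in detail, and automatically generates or searches for images. Supports Slidev/HTML/PPTX multi-format output. | Intelligent Markdown to PPT with auto-layout and image generation.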

by Zixuan @neutronstar238
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, README, SKILL.md and the included Python script all align: parsing Markdown, auto-layout, and producing Slidev/HTML/PPTX outputs. Required capabilities (reading a Markdown file, creating output assets, fetching images) are coherent with the stated purpose.
Instruction Scope
Runtime instructions explicitly allow WebFetch/WebSearch and describe downloading images from Unsplash/Pexels and calling AI image-generation APIs. Those operations will send content (queries and possibly portions of the document) to external services. The SKILL.md does not instruct reading unrelated local files or env vars, but network fetches and optional AI-generation introduce external data flows the user should be aware of.
Install Mechanism
No install spec is provided (instruction-only from the registry), and dependencies listed are standard developer tools (Slidev, python-pptx). The included script uses only typical Python libraries (requests). No downloads from untrusted URLs or archive extraction steps were declared in the registry metadata.
Credentials
The package claims it may 'call AI drawing API' but the registry metadata lists no required environment variables or primary credential. The script uses Unsplash Source (which needs no key) for image searches (seen in partial script), but SKILL.md's mention of AI-generation is vague and could require API keys (OpenAI, Stability, etc.) that are not declared. This inconsistency (networked image generation vs no credential requirements) is worth flagging.
Persistence & Privilege
Skill is user-invocable, not always-included, and does not request system-wide config modifications. It reads user-specified Markdown files and writes output assets (expected behavior). No elevated persistence or privileges are requested.
What to consider before installing
This skill appears to do what it claims — parse Markdown and build slides, downloading images from web sources — but it performs network operations (image search/download and possibly AI image-generation). Before installing or running:
1) review scripts/md_to_ppt.py yourself (or ask the author) to confirm whether any AI image-generation calls send your document or sensitive text to an external API and which endpoints are used;
2) be cautious when enabling automatic image generation/search (it will make outbound requests and store downloaded images in assets/);
3) don't feed sensitive credentials or confidential content into files you convert unless you verify where data is sent;
4) if you want to disable external calls, run the tool in an offline mode or patch the script to disable auto-image generation; and
5) ask the publisher for the source/homepage and clarification about any required API keys before granting network or credential access.
