About

`html-to-one-pptx` is a Claude Code Skill that automates the entire pipeline from an HTML design file to a `.pptx` slide.

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a purpose-aligned HTML-to-PPTX converter, with the main user-noticeable risks being local Python/Node execution and under-declared dependencies.

Before installing, expect the skill to read the HTML you provide, create temporary files, and run local Python/Node tooling to produce PPTX output. Make sure required packages come from trusted sources, and review the generated code first when converting HTML from an untrusted source.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

Using the skill can run generated Node.js code in the project directory to create the presentation.

Why it was flagged

The workflow intentionally creates and executes local JavaScript to generate PPTX output. This is purpose-aligned, but it is still meaningful local code execution.

Skill content

→ write $SLIDE/gen.js  (from parsehtml.md + charts.json + colors.md)
node $SLIDE/gen.js   # ✅ output.pptx generated

Recommendation

Use it only for intended conversion tasks, keep it scoped to a project folder, and review the generated gen.js first if the HTML source is untrusted or sensitive.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users may need to install local runtime dependencies that are not fully declared in the registry metadata.

Why it was flagged

The helper script depends on an external Python package while the registry metadata declares no install spec or required binaries. This is expected for PPTX XML handling but should be disclosed for setup.

Skill content

from lxml import etree

Recommendation

Install Python/Node dependencies only from trusted package sources and prefer project-local dependency management where possible.