Skill v1.0.0

ClawScan security

About
`html-to-one-pptx` is a Claude Code Skill that automates the entire pipeline from an HTML design file to a `.pptx` slide.
ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 13, 2026, 2:39 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (HTML → PPTX) matches the included scripts, but the runtime instructions rely on undocumented binaries and libraries and require running generated JavaScript/Python — this mismatch and the need to execute agent-written code are concerning and should be reviewed before use.
Guidance
This skill appears to do what it says, but there are important operational and safety gaps you should address before installing or running it:

- Expect to need python3, node (npm), and Python/Node libraries: merge_slides.py uses lxml, and the JS toolchain expects pptxgenjs and may use react, react-dom, react-icons and sharp. The skill metadata does not declare these — confirm and provision them in a controlled environment.
- The runtime requires executing agent-written JavaScript (tmp/gen.js) with 'node'. Always review the generated gen.js before running it; run the whole pipeline in an isolated/sandboxed environment (container or VM) to avoid executing unintended code or allowing network access.
- Be cautious about network/URL usage: pptxgenjs supports images by URL and JS can fetch remote resources. If you need to avoid data exfil or SSRF, block outbound network access for the conversion container or disallow remote image URLs.
- Validate merge_slides outputs on non-sensitive sample files first. merge_slides.py manipulates ZIP internals and XML — test it on benign inputs to ensure it behaves as you expect.
- Ask the publisher to update the skill metadata to list required binaries and dependencies, or provide an install spec. If you cannot verify dependencies and generated code, treat the skill as untrusted and run it only in an isolated environment.

If you want, I can list the concrete packages and commands to prepare a safe sandbox (Dockerfile or a checklist) and point out exact lines in the scripts to double-check for network calls or dangerous operations.

Review Dimensions

Purpose & Capability
note: The skill claims to convert HTML to a single PPTX and includes two helper scripts (detect_charts.py, merge_slides.py) consistent with that goal. However the SKILL/registry metadata declares no required binaries or deps, yet the runtime instructions explicitly run 'python3' and 'node' and the docs reference npm packages (pptxgenjs, react, sharp). The omission of those runtime requirements is an incoherence.
Instruction Scope
concern: Instructions tell the agent to read the user's HTML, write parsehtml.md/colors.md/gen.js into tmp/ folders, run detect_charts.py, then execute node gen.js and finally run merge_slides.py. Executing agent-generated gen.js (arbitrary JS) and running node on it is inherently executing code derived from user input — this is expected for the task but increases risk. The workflow can cause network I/O indirectly (pptxgenjs supports adding images by URL) and the skill includes no explicit safeguards or explicit rule to review generated code before execution.
Install Mechanism
note: No install spec is provided (instruction-only), which minimizes installer-level risk. But the helper files require runtime packages not declared (e.g., python3, node, lxml in merge_slides.py, pptxgenjs and optional sharp/react/react-dom/react-icons in the JS guide). The lack of declared install steps or dependency lists is misleading and operationally incomplete.
Credentials
concern: The skill declares no required environment variables or credentials (which is appropriate), but it implicitly requires binaries and libraries. merge_slides.py depends on lxml; pptx generation relies on pptxgenjs and potentially other npm libraries. Those are not declared in requires.env or the install metadata — a mismatch that could lead to surprise installations or runtime failures. There are no explicit requests for sensitive credentials.
Persistence & Privilege
ok: The skill is not marked 'always' and does not request persistent system-wide privileges or modify other skills. It writes temporary files into a project/tmp folder as part of normal operation; this is consistent with its stated purpose.