DeckCraft
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependency is necessary for the local scripts, but it adds normal package-supply-chain risk.
The skill requires a Python package and includes helper scripts, but the registry install spec is empty. This is expected for a PPT-generation helper, but users should install dependencies from trusted sources.
```bash pip install python-pptx ```
Install python-pptx from a trusted package index and review the included scripts before use, especially because the skill source has no homepage.
Templates or slide content you upload may remain in the local template library and be reused or referenced later.
Uploaded templates can be saved persistently and cataloged for reuse. This is disclosed and aligned with template support, but retained decks/templates may contain sensitive business content.
- Directory: `templates/` (user-managed, grows over time) - Catalog: `templates/README.md` (auto-updated when templates are added)
Only save templates you are comfortable retaining locally, and periodically review or delete the templates/ library if it contains sensitive material.