ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Slides Generator

Create Hummingbot-branded PDF slides from markdown with Mermaid diagram support. Use for presentations, decks, and technical documentation with professional...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 239 · 1 current installs · 1 all-time installs
byMichael Feng@fengtality
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The stated purpose (markdown -> PDF slides with Mermaid support) matches the included script's functionality, but the SKILL.md declares no required binaries or env vars while instructing users to run tools that do require them (python3, fpdf2, mermaid-cli/npm). That mismatch is unexpected and reduces transparency.
!
Instruction Scope
The SKILL.md explicitly instructs executing a remote script via bash <(curl -s https://raw.githubusercontent.com/...), which downloads and executes code at runtime. The document also instructs global installs (npm -g, pip3 install) and saving temporary files. There are no instructions to verify the remote script or pin a commit hash. Apart from that, the instructions limit file access to the provided markdown and optional logo.
!
Install Mechanism
There is no formal install spec, but the runtime script will auto-install Python packages (pip3 install fpdf2) and relies on mermaid-cli (either installed or run via npx, which pulls from npm). The SKILL.md's curl|bash pattern executes code fetched from GitHub at runtime; while GitHub is a known host, downloading and executing unverified remote code is high risk. The script's auto-installation uses global installs (no --user), which can modify the system environment.
Credentials
The skill does not request environment variables, credentials, or config paths. The script also does not read other system credentials. This is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-on and does not request special platform privileges. However, the script performs package installations (pip3 install, and may invoke npm installs via npx) that can affect the host environment and may require elevated permissions. It does not persistently modify agent configuration or other skills.
What to consider before installing
This skill likely performs the claimed slide generation, but exercise caution before running it. Specific recommendations: - Do NOT run the curl | bash command without inspection. Instead, inspect the script text first or use the local scripts/generate_slides.sh included with the skill package. - Prefer running the script in an isolated environment (container or VM) or a Python virtualenv and use npm with --location=project or --user equivalents to avoid global installs. - The script will automatically run pip3 install fpdf2 (no --user) and may invoke npx to pull mermaid-cli — these change your system and could run arbitrary code. Consider manually installing verified dependencies from trusted sources. - If you must use the remote URL, verify it points to a pinned commit or release (not just raw/master) and review the script content for unexpected network calls or command execution. - If you need stronger assurance, ask the skill author for a signed release, a reproducible package, or a versioned GitHub release instead of executing raw content from the web. - If you are not comfortable auditing shell/Python scripts, avoid running this skill on sensitive hosts.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97e24wd5jjet7daezk0fq2f99820dke

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

slides-generator

Create Hummingbot-branded presentation slides in PDF format from markdown content. Features two-column layouts and Mermaid diagram rendering for technical architecture and flowcharts.

Workflow

Step 1: Get Markdown Content

Ask the user to provide a markdown file or paste markdown content. The content should follow this format:

# Presentation Title

## 1. First Slide Title

Content for the first slide. Can include:
- Bullet points
- **Bold text** and *italic text*
- Code blocks

## 2. Second Slide Title

More content here.

## 3. Third Slide Title

And so on...

Format Rules:

  • # Title = Presentation title (optional, becomes title slide)
  • ## N. Slide Title = New slide (N is slide number)
  • Content under each ## heading becomes slide content
  • Supports markdown formatting: lists, bold, italic, code blocks, links

Step 2: Parse and Confirm

Before generating the PDF, parse the markdown and show the user a summary:

📊 Slide Outline:

1. First Slide Title
2. Second Slide Title
3. Third Slide Title
...

Total: X slides

Please confirm to proceed with PDF generation, or provide edits.

Wait for user confirmation before proceeding.

Step 3: Generate PDF

Run the generation script:

bash <(curl -s https://raw.githubusercontent.com/hummingbot/skills/main/skills/slides-generator/scripts/generate_slides.sh) \
  --input "<markdown_file_or_content>" \
  --output "<output_pdf_path>"

Or if the user provided inline content, save it to a temp file first:

# Save content to temp file
cat > /tmp/slides_content.md << 'SLIDES_EOF'
<markdown_content_here>
SLIDES_EOF

# Generate PDF
bash <(curl -s https://raw.githubusercontent.com/hummingbot/skills/main/skills/slides-generator/scripts/generate_slides.sh) \
  --input /tmp/slides_content.md \
  --output ~/slides_output.pdf

Step 4: Deliver Result

After generation, tell the user:

  • The PDF file location
  • How many slides were generated
  • Offer to open/view the PDF if desired

Editing Existing Slides

If the user wants to edit slides from a previously generated PDF:

  1. Read the original markdown (if available) or view the PDF to understand current content
  2. Ask the user what changes they want:
    • Edit specific slide content
    • Add new slides
    • Remove slides
    • Reorder slides
  3. Apply changes to the markdown
  4. Regenerate the PDF

Use the --edit flag to update specific slides without regenerating all:

bash <(curl -s https://raw.githubusercontent.com/hummingbot/skills/main/skills/slides-generator/scripts/generate_slides.sh) \
  --input "<updated_markdown>" \
  --output "<same_pdf_path>" \
  --edit

Diagrams

Users can describe diagrams in natural language using mermaid: syntax. You must translate these descriptions to Mermaid code before generating the PDF.

User Input Format

Users write descriptions like:

mermaid: A flowchart showing User Interface connecting to Condor and MCP Agents,
both connecting to Hummingbot API (highlighted), then to Client, then to Gateway

Translation to Mermaid

Convert the description to proper Mermaid syntax:

\`\`\`mermaid
flowchart TB
    A[User Interface] --> B[Condor]
    A --> C[MCP Agents]
    B --> D[Hummingbot API]
    C --> D
    D --> E[Hummingbot Client]
    E --> F[Gateway]
    style D fill:#00D084,color:#fff
\`\`\`

Diagram Types

  • flowchart TD - Top-down flowchart
  • flowchart LR - Left-right flowchart
  • sequenceDiagram - API and interaction flows
  • classDiagram - Object-oriented design
  • erDiagram - Database schemas

Highlighting

Use style NodeName fill:#00D084,color:#fff for Hummingbot green highlighting.

Requirements

Mermaid diagrams require the Mermaid CLI:

npm install -g @mermaid-js/mermaid-cli

Code Blocks

Use regular \``` code blocks for ASCII art, code snippets, or preformatted text:

\`\`\`
Price
  ^
  |  [BUY] --- Level 3
  |  [BUY] --- Level 2
  |  [BUY] --- Level 1
  +-------------------> Time
\`\`\`

Code blocks render with monospace font on a gray background.

Two-Column Layout

When a slide has both bullet points AND a diagram, it automatically renders in two columns:

  • Left column: Text content
  • Right column: Diagram
## 4. How It Works

Key features:
- Automated order placement
- Dynamic position management
- Risk-controlled execution
- Real-time monitoring

mermaid: flowchart showing Market Data to Strategy to Orders

After translation:

## 4. How It Works

Key features:
- Automated order placement
- Dynamic position management
- Risk-controlled execution
- Real-time monitoring

\`\`\`mermaid
flowchart TD
    A[Market Data] --> B[Strategy]
    B --> C[Orders]
    style B fill:#00D084,color:#fff
\`\`\`

Example Markdown

# Q4 Product Update

## 1. Overview

Today we'll cover:
- Product milestones
- Key metrics
- Roadmap preview

## 2. Architecture

Our system components:
- User-facing interfaces
- Core API layer
- Exchange connectivity

mermaid: flowchart showing UI to API (highlighted) to Gateway

## 3. Key Metrics

| Metric | Q3 | Q4 | Change |
|--------|----|----|--------|
| Users | 10K | 15K | +50% |
| Revenue | $100K | $150K | +50% |

## 4. Q1 Roadmap

1. Mobile app launch
2. Enterprise tier
3. International expansion

## 5. Questions?

Thank you!

Contact: team@example.com

After translating mermaid: descriptions:

## 2. Architecture

Our system components:
- User-facing interfaces
- Core API layer
- Exchange connectivity

\`\`\`mermaid
flowchart TD
    A[UI] --> B[API]
    B --> C[Gateway]
    style B fill:#00D084,color:#fff
\`\`\`

Dependencies

The script will check for and install if needed:

  • Python 3
  • fpdf2 Python package (for PDF generation)

Troubleshooting

IssueSolution
"Python not found"Install Python 3: brew install python3 (macOS) or apt install python3 (Linux)
"fpdf2 not installed"Run: pip3 install fpdf2
"Permission denied"Check write permissions for output directory
"Empty PDF"Verify markdown format follows the ## N. Title pattern

Scripts

ScriptPurpose
generate_slides.shMain PDF generation script

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…