Ppt Ooxml Translator
v0.1.0AI-agent Skill for PPTX OOXML localization workflows. Use it to unpack PPTX, extract and apply text translations, normalize terminology, enforce language-specific fonts, validate XML integrity, and repack outputs with machine-readable JSON interfaces for automation.
⭐ 0· 1.4k·10 current·10 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name, README, SKILL.md, CLI surface and pyproject all describe a PPTX OOXML localization CLI (unpack, collect, apply, normalize, validate, repack). The included Python code implements those features and uses only stdlib modules. There are no unrelated credentials, binaries, or external services declared.
Instruction Scope
SKILL.md and the CLI focus only on unpacking/repacking and manipulating XML text in the user-provided PPTX/unpacked folders. The runtime instructions do not request unrelated files or environment variables. However, the implementation will read and overwrite files that you point it at (unpacked OOXML files, TSVs, output paths), so a user-supplied path controls what the tool touches.
Install Mechanism
No external install spec in the Skill manifest (instruction-only). The repository contains a standard Python package (pyproject.toml) and a console entrypoint; installing via pip is appropriate for this project. There are no downloads from arbitrary URLs in the manifest.
Credentials
The skill declares no required environment variables, credentials, or config paths. That aligns with a local file-processing CLI that doesn't call external APIs.
Persistence & Privilege
The skill is not always-enabled; it is user-invocable and allows autonomous invocation (the platform default). It does not request to modify other skills or system-wide agent settings according to the provided files.
Assessment
This package appears to implement exactly the PPTX/OOXML localization functionality it claims and does not ask for credentials or network access. Before installing or running it, consider the following: 1) Zip extraction risk — the code calls ZipFile.extractall(output_root) which can be abused by a malicious .pptx containing crafted paths (../ or absolute paths) to write outside the intended directory; only run on trusted PPTX files or inspect the archive contents first, or run in a sandboxed container with limited privileges. 2) File overwrite risk — the tool will read and overwrite files under the paths you supply (unpacked root, output locations, TSV path). Point it at copies or isolated directories. 3) Review the rest of cli.py (the truncated portion) for any subprocess, network, or eval/exec usage before granting autonomous invocation; current visible imports are stdlib-only and show no networking, but the file was partially truncated. 4) Source provenance — repository metadata contains placeholder values (Your Team, example GitHub URL) and the registry owner is an ID only; if provenance matters, prefer packages from known maintainers or review the full code. 5) Test in a controlled environment (non-root, container) with known inputs. If you want, I can scan the rest of cli.py (provide the remaining lines) for exec/subprocess/network calls and re-evaluate confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk972psmmnseachpzkv8rjr9efs80th20
License
MIT-0
Free to use, modify, and redistribute. No attribution required.