Generate richly illustrated PPTs from course content descriptions

Pass

Audited by ClawScan on May 11, 2026.

Overview

The skill is broadly coherent for generating PPT/PDF slide decks, but users should notice that it uses third-party API keys, sends slide prompts to MiniMax for image generation, and relies on user-run package installs.

This skill appears suitable for PPT generation. Before installing or using it, be prepared to run npm/pip/Playwright setup commands, provide a MiniMax API key only through an environment variable, and avoid sending confidential slide content to the AI image-generation workflow unless you accept the provider’s data handling.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the illustrated-PPT feature requires trusting the skill with a MiniMax API key, which may incur usage costs or expose account access if mishandled.

Why it was flagged

The image-generation client uses a bearer API key for MiniMax. This is expected for the stated image-generation feature, but it is sensitive account access and the top-level registry metadata declares no required credentials.

Skill content

"Authorization": f"Bearer {api_key}"

Recommendation

Use a limited-scope API key if possible, keep it in an environment variable, and avoid hardcoding it in prompts or files.

What this means

Slide topics and summarized content may be transmitted to MiniMax when generating illustrations.

Why it was flagged

The script sends generated image prompts derived from slide titles, content, bullets, and chapters to the MiniMax API. This is purpose-aligned for AI image generation, but it is an external provider data flow.

Skill content

API_URL = "https://api.minimaxi.com/v1/image_generation" ... requests.post(API_URL, json=payload, headers=self.headers, timeout=120)

Recommendation

Do not use the illustrated image workflow with confidential course, business, or personal content unless MiniMax’s data-handling terms are acceptable.

What this means

Running the setup commands will install external packages or browser components on the local machine.

Why it was flagged

The subskill documents user-run installs from npm/PyPI and Playwright setup. These installs are central to slide generation/export, but they are not captured in the top-level install spec and are not fully pinned.

Skill content

pnpm dlx @open-slide/cli init <deck-name> ... npx @open-slide/cli init <deck-name> ... python3 -m pip install -r {baseDir}/requirements.txt

Recommendation

Run setup commands in a controlled environment, review package sources, and pin versions if reproducibility or supply-chain control matters.

What this means

The exporter can open and render URLs in a browser process; if pointed at the wrong page, it could capture unintended content.

Why it was flagged

The PDF exporter launches Chromium, opens a supplied slide URL, and captures screenshots. This is expected for rendering web-native slides to PDF, but it is browser automation that should remain scoped to the intended local slide deck.

Skill content

browser = await p.chromium.launch() ... await page.goto(args.url, wait_until="domcontentloaded", timeout=60000) ... await page.screenshot(path=img_path, full_page=False)

Recommendation

Use the exporter only with the intended local open-slide URL and avoid connecting it to authenticated browser sessions unless necessary.