Generate richly illustrated PPT presentations from course content descriptions
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: course-ppt-generator
Version: 1.0.2
The skill bundle is a comprehensive PPT production suite that integrates multiple tools for generating, styling, and exporting presentations. It includes Python and TypeScript scripts for creating PPTX/PDF files, automating browser-based slide exports via Playwright (open-slide/scripts/export_pdf.py), and generating AI-powered imagery using the MiniMax API (illustrated-ppt/scripts/illustrated_ppt.py). While the suite handles sensitive data like API keys and performs file system operations (e.g., writing to the user's Desktop in generate_course_ppt.py), these actions are transparently documented and strictly aligned with the stated purpose of creating and saving presentation materials. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the illustrated-PPT feature requires trusting the skill with a MiniMax API key, which may incur usage costs or expose account access if mishandled.
The image-generation client uses a bearer API key for MiniMax. This is expected for the stated image-generation feature, but it is sensitive account access and the top-level registry metadata declares no required credentials.
"Authorization": f"Bearer {api_key}"
Use a limited-scope API key if possible, keep it in an environment variable, and avoid hardcoding it in prompts or files.
Slide topics and summarized content may be transmitted to MiniMax when generating illustrations.
The script sends generated image prompts derived from slide titles, content, bullets, and chapters to the MiniMax API. This is purpose-aligned for AI image generation, but it is an external provider data flow.
API_URL = "https://api.minimaxi.com/v1/image_generation" ... requests.post(API_URL, json=payload, headers=self.headers, timeout=120)
Do not use the illustrated image workflow with confidential course, business, or personal content unless MiniMax’s data-handling terms are acceptable.
Running the setup commands will install external packages or browser components on the local machine.
The subskill documents user-run installs from npm/PyPI and Playwright setup. These installs are central to slide generation/export, but they are not captured in the top-level install spec and are not fully pinned.
pnpm dlx @open-slide/cli init <deck-name> ... npx @open-slide/cli init <deck-name> ... python3 -m pip install -r {baseDir}/requirements.txt
Run setup commands in a controlled environment, review package sources, and pin versions if reproducibility or supply-chain control matters.
The exporter can open and render URLs in a browser process; if pointed at the wrong page, it could capture unintended content.
The PDF exporter launches Chromium, opens a supplied slide URL, and captures screenshots. This is expected for rendering web-native slides to PDF, but it is browser automation that should remain scoped to the intended local slide deck.
browser = await p.chromium.launch() ... await page.goto(args.url, wait_until="domcontentloaded", timeout=60000) ... await page.screenshot(path=img_path, full_page=False)
Use the exporter only with the intended local open-slide URL and avoid connecting it to authenticated browser sessions unless necessary.
