present-ppt
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: present-ppt Version: 1.0.0 The skill bundle is a legitimate tool designed to convert structured HTML slide designs into editable PowerPoint (PPTX) files. It utilizes standard libraries like 'cheerio' for DOM parsing and 'pptxgenjs' for document generation. The logic is divided into several preset scripts (e.g., ai_runtime_preset.js, data_strategy_deck_preset.js) that map HTML elements to native PowerPoint shapes and text boxes. There is no evidence of data exfiltration, unauthorized network access, or malicious command execution; the use of execFileSync in html_to_pptx.js is limited to calling internal helper scripts. The instructions in SKILL.md are strictly aligned with the tool's functional purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill runs local Node.js code from the skill package to create the PPTX.
The main script launches another bundled Node script for the v9 preset path. This is executable local code, but it is disclosed by the CLI workflow and aligned with the conversion purpose.
execFileSync(process.execPath, args, { stdio: 'inherit' });Run it only from a trusted skill directory and keep input/output paths user-directed.
Installation may fetch and run standard npm package installation behavior even though the registry requirements section does not advertise required binaries.
The skill depends on npm-installed packages, which is normal for a Node-based converter, but the registry metadata has no install spec or required binary declarations.
From the skill directory:\n\n```bash\nnpm ci\n```\n\nIf that fails ...\n\n```bash\nnpm install\n```
Prefer `npm ci` with the included lockfile, and review dependency changes if falling back to `npm install`.
If the agent extends the skill, future conversions may use newly added code or mappings.
The skill documents modifying its own scripts to add new presets. This is purpose-aligned for an extensible converter, but it can persistently change future skill behavior.
Update `scripts/html_to_pptx.js` so it can... accept `--preset=<your-preset>` and dispatch to the new renderer
Ask for user approval before changing skill files, keep changes scoped to the new preset, and retain a backup or version history.