Deck Pipeline
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A deck or companion spreadsheet could be changed in place if the workflow is run on an original file.
The skill is designed to modify presentation and spreadsheet files, including documented default overwrite behavior. This is aligned with deck editing, and lock-file checks are disclosed, but users should consciously control backups and output paths.
File-write discipline / 文件写入纪律 - Overwrite the original by default / 默认覆盖原文件 - Scan for `~$xxx` lock file before writing
Run it on a copy or confirm the output paths before allowing writes, and keep the page-by-page checkpoints enabled.
Different package versions could behave differently or introduce dependency risk.
The setup instructions rely on manually installed, unpinned third-party Python packages. This is expected for a local PPT/PDF/XLSX processing skill, but package versions and provenance are not locked by the skill artifacts.
pip3 install python-pptx openpyxl pymupdf pyyaml
Install in a virtual environment and pin trusted package versions if using this for important or confidential decks.
Generated handoff or glossary files may contain sensitive project details and can steer future deck work.
The workflow intentionally writes a local handoff file and tracks glossary/rewrite decisions for later continuation. This is useful and disclosed, but it can persist project context and decisions across sessions.
`HANDOFF.md` | Session contract: goal · tools · completed · unresolved · cautions · principles · constraints
Review HANDOFF.md, comparison spreadsheets, and glossary entries before sharing them or reusing them in a different project.