Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Web Slides
v2.0.4专业单页面HTML PPT生成器。Use when user needs to create beautiful HTML presentations. Supports multiple themes, mobile-friendly, export to PDF. 单页PPT、HTML演示文稿、PPT生成。
⭐ 0· 147·0 current·0 all-time
by@tobewin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (HTML single-file slide generator) matches the included files and scripts: multiple theme docs, layout rules, and Node scripts to scaffold, validate, generate HTML, and render previews. Required binary 'node' is appropriate. No unrelated credentials or services are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to read local reference files and run the included node scripts (e.g., generate-slide-html.mjs, markdown-to-content.mjs). The scripts operate on local files and produce HTML/PNG outputs. There are no instructions to read unrelated system files, access secret environment variables, or send data to external endpoints.
Install Mechanism
This is instruction-only (no install spec), which keeps risk low. One inconsistency: SKILL.md frontmatter contains a dependencies string ('npm install -g @aspect-ratio/preview-renderer') even though there is no automated install spec and the codebase does not reference that package. That string may be a leftover or a manual recommendation; avoid blindly running global npm installs from unknown packages.
Credentials
The skill declares no required env vars or credentials. Some scripts use an optional CHROME_BIN env var to override a default Chrome binary for headless rendering — this is reasonable for preview rendering and is not a secret. No API keys or unrelated credentials are requested.
Persistence & Privilege
Skill has always: false and does not request persistent/system-wide privileges. It does not modify other skills or system configuration. Scripts write outputs to local dist/ paths only.
Assessment
This skill appears to do what it says: produce single-file HTML slide decks using Node scripts and local theme files. Before installing or running anything: 1) Ensure you have Node installed. 2) Avoid running any suggested global npm install command (the SKILL.md mentions @aspect-ratio/preview-renderer but the code does not reference it) until you verify the package and trust its source. 3) If you want preview PNGs, the scripts call headless Chrome (uses a macOS default path and optionally CHROME_BIN); make sure you understand and control that tool on your system. 4) Run the scripts in a sandbox or review them locally (they only read/write files and invoke local binaries) if you have concerns. 5) If you need tighter assurance, run smoke-test.mjs and inspect generated outputs before supplying real or sensitive content.scripts/build-preview-gallery.mjs:28
Shell command execution detected (child_process).
scripts/chrome-utils.mjs:27
Shell command execution detected (child_process).
scripts/generate-theme-gallery.mjs:34
Shell command execution detected (child_process).
scripts/smoke-test.mjs:13
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97915331qqpxareysnyzt1k1d83x5k5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎯 Clawdis
Binsnode