ClawHub
Back to skill
v1.0.0

Slide Deck

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:28 AM.

Analysis

This instruction-only skill is coherent for creating HTML slide decks, with minor user-notice items around CDN-loaded slide assets, local file creation, and embedded speaker notes.

GuidanceThis skill appears safe for ordinary slide creation. Be aware that generated decks load reveal.js from a CDN, create a local HTML file, and may include speaker notes inside that file, so review the output before opening in sensitive environments or sharing it publicly.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/reveal.js@5/dist/reveal.min.css"> ... <script src="https://cdn.jsdelivr.net/npm/reveal.js@5/dist/reveal.min.js"></script>

The generated presentation relies on third-party CDN-hosted reveal.js assets. This is disclosed and central to the slide-deck purpose, but opening the deck can fetch and run remote JavaScript/CSS.

User impactSlides may require internet access and will depend on jsDelivr/reveal.js availability and integrity when opened.
RecommendationUse as-is for normal web-based decks; request local/vendored assets or stricter pinning if you need fully offline or high-assurance presentations.
Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
SKILL.md
Save as `[topic]-slides.html` ... File saves to current directory unless user specifies a path

The skill instructs creation of a local output file. This is expected for generating a deck, but users should be aware it writes into the current directory by default.

User impactThe agent may create a new HTML file in the working directory when asked to make slides.
RecommendationSpecify an output path/name when needed and review before overwriting or sharing generated files.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityInfoConfidenceHighStatusNote
SKILL.md
Add speaker notes with `<aside class="notes">` when the user provides extra context

Extra context can be embedded into the generated HTML as speaker notes. This is purpose-aligned, but those notes persist in the file and may be visible to anyone who receives it.

User impactPrivate talking points or background context could travel with the HTML deck if the file is shared.
RecommendationDo not include confidential material in speaker notes unless you intend it to remain in the presentation file; inspect or remove notes before sharing.