Html Slideshow

This skill is functionally coherent for converting Markdown into static HTML slides, but follow these precautions before running it: - Treat input markdown as potentially dangerous: the generator intentionally allows raw HTML and script tags (the code comments say 'Don't escape - marked will render correctly, HTML is allowed'). Only run the scripts on trusted Markdown or sanitize/strip HTML before processing. Opening generated HTML in a browser will execute any embedded scripts. - Review and audit templates and any custom themes you load. The template compiler uses dynamic code generation (new Function) to build renderers; if you or others add templates untrusted templates could execute code during generation. - The SKILL.md examples include a hard-coded absolute path (/home/Vincent/...), which is likely an environment artifact. When running, point the scripts at your own safe input and output directories — avoid blindly running commands copied verbatim from the README/SKILL.md. - Run the tool in an isolated environment (container or VM) if you need to process Markdown from untrusted sources, and inspect the produced HTML before serving it to others. Consider adding an HTML sanitizer (e.g., DOMPurify on the client or a server-side sanitizer) if you must accept untrusted input. - If you expect this to run autonomously in an agent, be cautious: the agent could read local files you point it at and write HTML that will execute in browsers — only give it directories and files you are comfortable exposing. If you want, I can point out the exact lines/files that allow raw HTML/script injection and show small code changes to mitigate the risk (e.g., sanitize output or disable inline scripts).

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.