Open Slide
PassAudited by ClawScan on May 10, 2026.
Overview
Open Slide appears aligned with creating and exporting React slide decks, with expected caution around external package downloads, browser automation, and an optional existing-browser connection mode.
Before installing, make sure you trust the upstream open-slide/npm and Python dependencies. Expect local Node/Python commands, Playwright/Chromium setup, and deck/PDF file writes. Avoid using the optional CDP mode with a logged-in browser unless you intentionally want that session available for export.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or scaffolding a deck may run code from external package sources.
These commands fetch and run the upstream open-slide CLI at use time without a pinned version. This is expected for scaffolding an open-slide deck, but it means the user is trusting external npm package content.
pnpm dlx @open-slide/cli init <deck-name> # or: npx @open-slide/cli init <deck-name>
Use trusted package registries, consider pinning package versions, and review the upstream open-slide project before using it in sensitive environments.
The skill can open a URL in a local browser and create or overwrite a PDF at the chosen output path.
The export helper launches Chromium, opens the provided slide URL, captures screenshots, and writes them into a PDF. This is central to the stated PDF export purpose, but it is still local browser automation and file creation.
browser = await p.chromium.launch() ... await page.goto(args.url, wait_until="domcontentloaded", timeout=60000) ... await page.screenshot(path=img_path, full_page=False)
Export only trusted/local slide URLs and verify the output path before running the export.
If pointed at a logged-in browser session, the export could render content available to that session.
When the optional --cdp argument is supplied, the script can attach to an already-running Chromium instance and reuse its first browser context, which could include existing session state. The default path launches a fresh browser instead.
browser = await p.chromium.connect_over_cdp(args.cdp)
...
if contexts:
ctx = contexts[0]Prefer the default isolated browser launch. Use --cdp only with a browser session you intentionally want the script to access.