pptx
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or untrusted presentation could create or overwrite files within the chosen extraction location or consume local storage.
The skill unpacks user-supplied Office archives into a chosen output directory. This is expected for PPTX editing, but archive expansion should be done in an isolated folder.
zipfile.ZipFile(input_file).extractall(output_path)
Use a fresh temporary/project directory for unpacking and avoid processing untrusted PPTX files outside a sandbox.
Local conversion tools may run on the documents you provide and can create temporary output files.
The helper invokes LibreOffice locally to validate converted documents. This is purpose-aligned, but it means local document-processing software will parse the selected file.
subprocess.run(["soffice", "--headless", "--convert-to", filter_name, "--outdir", temp_dir, str(doc_path)], ...)
Keep local conversion dependencies updated and process untrusted documents in a restricted workspace.
You have less independent context for confirming where this package came from or whether it matches an upstream project.
The registry metadata does not provide an upstream source or homepage for a code-bearing skill. The visible behavior is purpose-aligned, but provenance is harder to verify.
Source: unknown Homepage: none
Prefer skills from trusted publishers or verify the bundled files before using them with important or sensitive presentations.