AI Presentation Maker — the interview-driven pitch deck generator for your OpenClaw agent. Tell it what you built, who you're presenting to, and pick an angl...
Security Analysis
medium confidence
The skill mostly matches its stated purpose (local pitch‑deck creation) but contains several mismatches and behaviors that don't add up — notably claims of “no network activity” while generating HTML that pulls Google Fonts, an instruction/behavior mismatch around overwriting files, and steps that read files outside the declared scope.
Name/description align with the included scripts (markdown → PPTX/HTML/PDF exports, speaker notes, templates). The required binaries are minimal and proportional. Minor mismatch: SKILL metadata claims “No network activity required,” but the generated HTML references external Google Fonts (network fetch when viewed).
SKILL.md tightly instructs the agent to execute shell commands (USE exec) and to route ALL file I/O through assets/presentation-helper.sh, which is consistent. However: (1) the SKILL.md tells the agent to check for files in ~/workspace (e.g., SOUL.md/AGENTS.md) — this reads outside the stated presentations scope; (2) SKILL.md rules prohibit overwriting files without asking, but the helper script's save-meta and save-deck commands will overwrite existing files without enforcing a prompt; (3) SKILL.md requires use of the helper script, but other SKILL.md fragments and the setup instructions are inconsistent about where to copy the helper (~/workspace vs ~/workspace/presentations), which may break relative references.
There is no remote install step — all helper and export scripts are bundled, which reduces supply‑chain risk. Exports rely on optional external tools (python3, python-pptx, pandoc). The generated HTML includes an @import from fonts.googleapis.com (external network fetch at render time), which contradicts the 'no network activity' claim in metadata.
The skill requests no environment variables, no credentials, and declares no config path requirements outside ~/workspace/presentations. That is proportionate to the stated purpose.
always:false and user-invocable: true (normal). The skill writes files under ~/workspace/presentations (declared stateDir). It does not request system-wide or other skills' credentials. Note: SKILL.md encourages the agent to run commands autonomously via exec — expected for skills, but combined with the other concerns this increases the blast radius.
Guidance
This skill appears to be what it says (a local presentation generator) but there are a few things you should consider before installing or using it:
1) The SKILL.md claims “No network activity required” but the generated HTML imports Google Fonts (your browser will fetch them). If you require fully offline operation, edit the template or remove the font import.
2) The helper script will overwrite existing metadata/markdown files when saving — SKILL.md instructs the agent to ask before overwriting, but the save commands do not enforce prompts. Back up ~/workspace/presentations before first use.
3) The runtime checks look at other files in ~/workspace (SOUL.md, AGENTS.md), so the agent may read files outside the presentations folder for context — if those files are sensitive, don't install or run in that account.
4) The helper uses /tmp for temporary JSON; there is a small race/symlink risk on multi-user systems.
5) Exports requiring python3/pandoc/python-pptx must be installed; the code is bundled (no remote download), which reduces supply‑chain risk.
Recommended actions: review the bundled scripts yourself (they are included), run the skill first in an isolated account or VM, confirm backups of existing presentation data, and if you need strict offline behavior, remove external font imports and audit any places that touch paths outside ~/workspace/presentations. If you want higher assurance, ask the maintainer for explicit overwrite safeguards and for the agent to avoid checking files outside the declared scope.
Latest Release
v1.0.0
🎤 v1.0.0 — "Facts, Not Fantasies"
🎯 6-phase interview flow — subject, audience, speaker, work, angle, CTA (1-2 questions at a time)
🎯 Angle brainstorming — generates 3-5 distinct framings based on your content, you pick one
🎯 Tone profiles — professional, conversational (default), humorous, technical
📊 Core slides: Title, Hook, Problem, What We Built, What It Does, Real Results
📊 Situational slides: Investment/Costs, Mistakes, Why Now, DIY Path, Testing, Potential, Framework
📊 Closing slides: Offer/CTA, Q&A with resources
📊 Every number comes from the interview — no made-up stats, [INSERT] placeholders for missing data
🔍 Factual validation engine — scans every slide before delivery
🔍 Flags speculative language ("could save", "might generate", "potential to")
🔍 Flags unverified numbers — anything not from the interview gets a placeholder
🔍 Flags projections — auto-adds caveat: "Based on early results, IF trends hold..."
🔍 Flags superlatives ("best", "fastest", "only") — user confirms or removes
🔍 Validation summary with 🔴🟡🟢 traffic-light scoring
🎙️ Speaker notes on every slide — "What to say" + "What NOT to say" + timing cues
🎙️ Anti-speculation guard in notes — "Don't promise specific ROI", "Say 'based on what we've seen'"
🎙️ Visual aid callouts — where screenshots, demos, or props should go
✏️ Natural language editing — "make it shorter", "add real costs", "change tone to technical"
✏️ Angle switching — re-generates deck with new framing, keeps all interview data
✏️ Duplicate for different audiences — copy deck, re-interview for audience + angle only
🌐 HTML Slides export (RECOMMENDED) — beautiful full-screen presentation in a single file
🌐 3 themes: gradient (modern), dark (dramatic), light (corporate)
🌐 Arrow keys + space to navigate, touch/swipe on mobile
🌐 Press N for live speaker notes panel during presentation
🌐 Print button → pixel-perfect PDF (each slide = one page)
🌐 Zero dependencies beyond Python 3 standard library — no pip installs
🎨 Template Gallery — 11 premade slide layouts, each stage-optimized at 1280×720
🎨 Slide types: title, section, text, text+image, big_number, comparison, screenshot, quote, timeline, qr_code, closing
🎨 4 visual themes: Terminal (dark+green hacker), Executive (navy+gold corporate), Spark (purple/teal startup), Clean (white Swiss minimal)
🎨 5th option: Custom — user provides brand colors/fonts via style_instruction JSON, engine builds a theme on the fly
🎨 Per-slide HTML generation — each slide is its own file for maximum visual control
🎨 Agent auto-selects slide types based on interview content (hook→big_number, costs→comparison, etc.)
🎨 Combined deck AND per-slide modes — use both for presenting vs design control
🎨 Placeholder template mode — generates HTML with {{TITLE}}, {{BODY_TEXT}} tokens for external injection
📋 Asset Planning phase — image needs, QR codes, data viz planned BEFORE generation
📋 Quality Checklist — 9-point post-generation QA (style consistency, overflow, accessibility, links, notes)
📋 Text length rules — max words per title/bullet/slide enforced, auto-split if exceeded
📋 Edge case handling — long text auto-split, missing images → placeholders, incomplete interviews → user prompt
📋 Accessibility — all images require alt attributes, semantic HTML structure
📋 Manus tool compatibility note — skill generates files directly (no slide_initialize/slide_edit dependency)
🟣 Gamma.app export — clean markdown stripped of speaker notes, optimized for Gamma card import
🟣 Zero dependencies — pure shell script, works everywhere
📦 Markdown export — structured, portable, version-controllable
📦 PPTX export — via bundled export-pptx.py (requires python-pptx)
📦 PDF export — via pandoc (or just use HTML Print)
🛡️ Bundled presentation-helper.sh — all file ops through code-enforced sanitization
🛡️ Path traversal prevention — can't escape ~/workspace/presentations/
🛡️ Shell injection blocked — metacharacters stripped from all user input
🛡️ JSON validation on every metadata save
🔗 Works standalone or with AI Persona OS (auto-pulls speaker info from SOUL.md)
Published by @jeffjhunter on ClawHub