Create stunning, animation-rich HTML presentations from scratch or convert PowerPoint files (.ppt/.pptx) to beautiful web slides. Use when the user wants to...
Security Analysis
high confidenceThe skill's requested actions, files, and optional install align with its stated purpose (building or converting slides); it asks the agent to read user files locally and optionally install python libraries for PPT conversion, but it does not request unrelated credentials, network endpoints, or privileged persistence.
The skill's name/description (generate HTML slides / convert PPT) matches the instructions and file contents: CSS presets, style docs, and a conversion path. The optional pip install for python-pptx and Pillow is justified for Mode B (PPT conversion / image handling). The README's "zero-dependency" claim applies to the generated HTML output (no runtime web dependencies), not the optional conversion tooling.
Runtime instructions ask the agent to enumerate and read local image files (ls, read) and to process content locally; this is consistent with building slides but does grant the agent access to file contents in provided paths. The SKILL.md explicitly states images are processed locally and not sent externally. There are no instructions to contact unknown external endpoints or exfiltrate data. Users should be aware the agent will read files from any paths they provide (e.g., ./assets, ~/Desktop).
No install spec writes code to disk; the only install entry is an optional shell command to pip-install python-pptx and Pillow for PPT conversion. That is a reasonable, minimal runtime dependency for converting .ppt/.pptx files. No downloads from unknown hosts or archive extraction are present.
The skill declares no environment variables, credentials, or config paths. It does not request unrelated secrets. The only resource access implied is filesystem reads/writes of presentation and asset files, which is proportional to the task.
always is false and the skill does not request persistent/privileged presence or modify other skills. Normal autonomous invocation is allowed (platform default) but is not combined with broad credential access or other red flags.
Guidance
This skill appears coherent and matches its purpose. Before installing or running it: (1) understand the agent will read any local paths you point it to (images, PPTs, folders) — avoid giving it access to sensitive directories; (2) PPT conversion uses optional Python packages (python-pptx, Pillow) that the agent may pip-install if you enable that mode — consider installing them yourself in a controlled environment if you prefer; (3) the "zero-dependency" claim refers to the generated HTML (it runs in-browser without npm), not to the conversion tools; (4) review the SKILL.md if you want to confirm there are no network uploads or unexpected external endpoints before granting filesystem access. Overall: coherent and proportionate, no obvious malicious behavior.
Latest Release
v1.0.3
Add MyClaw.ai intro + link to SKILL.md (visible on ClawHub skill page)
More by @LeoYeAI
Published by @LeoYeAI on ClawHub
