prose-to-deck Security Report — Trusted | ClawSafe

0 /100

prose-to-deck

Transform long-form writing into polished single-file HTML slide presentations

A straightforward content-to-HTML presentation skill with no malicious behavior detected — all capabilities are declared, file I/O is scoped to a controlled directory, and no sensitive operations are performed.

Skill Nameprose-to-deck

Duration32.2s

Enginepi

✓

Safe to install

No action required. The skill is safe to use.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md: creates project folders under ./projects/
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md: runs init_project.py via Bash
Network	`READ`	`READ`	✓ Aligned	SKILL.md: loads Google Fonts and CDN libraries (Chart.js, ECharts, GSAP)
Environment	`NONE`	`NONE`	—	No os.environ access in scripts/
Skill Invoke	`NONE`	`NONE`	—	No cross-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

3 findings

🔗

Medium External URL 外部 URL

https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.min.js

references/materials.md:31

🔗

Medium External URL 外部 URL

https://cdnjs.cloudflare.com/ajax/libs/echarts/5.4.3/echarts.min.js

references/materials.md:36

🔗

Medium External URL 外部 URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.5/gsap.min.js

references/materials.md:71

File Tree

14 files · 55.2 KB · 1283 lines

Markdown 11f · 1125L Python 1f · 125L JSON 1f · 17L Shell 1f · 16L

├─ ▾ 📁 references

│ ├─ 📝 artifact-analysis.md Markdown 31L · 692 B

│ ├─ 📝 artifact-build-notes.md Markdown 23L · 1.1 KB

│ ├─ 📝 artifact-progress.md Markdown 50L · 1.4 KB

│ ├─ 📝 artifact-slide-plan.md Markdown 32L · 1.3 KB

│ ├─ 📝 artifact-visual-direction.md Markdown 66L · 1.8 KB

│ ├─ 📝 design-system.md Markdown 224L · 10.1 KB

│ ├─ 📝 headline-system.md Markdown 49L · 2.2 KB

│ ├─ 📝 materials.md Markdown 140L · 6.0 KB

│ ├─ 📝 qa-checklist.md Markdown 44L · 2.6 KB

│ └─ 📝 style-seeds.md Markdown 61L · 2.2 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 init_project.py Python 125L · 3.7 KB

│ └─ 🔧 init_project.sh Shell 16L · 536 B

├─ 📋 claw.json JSON 17L · 447 B

└─ 📝 SKILL.md Markdown 405L · 21.3 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`none`	`N/A`	stdlib	No	scripts/init_project.py uses only Python standard library

Security Positives

✓ All file I/O is strictly scoped to ./projects/ directory — no arbitrary filesystem writes

✓ init_project.py uses only Python standard library (pathlib, datetime, argparse) — no third-party dependencies

✓ Shell script is a thin compatibility wrapper that only calls the Python script

✓ No credential, token, or sensitive environment variable access

✓ No network egress beyond documented CDN fetches (Google Fonts, Chart.js, ECharts, GSAP)

✓ No base64, eval, or obfuscation patterns

✓ No persistence mechanisms (cron, startup hooks, backdoors)

✓ claw.json declares no permissions — correctly minimal attack surface

✓ SKILL.md fully documents all phases, modes, file outputs, and external resource usage

Scan Report

File Tree

Dependencies 1 items

Security Positives