prose-to-deck 安全扫描报告 — 可信 | ClawSafe

0 /100

prose-to-deck

Transform long-form writing into polished single-file HTML slide presentations

A straightforward content-to-HTML presentation skill with no malicious behavior detected — all capabilities are declared, file I/O is scoped to a controlled directory, and no sensitive operations are performed.

技能名称prose-to-deck

分析耗时32.2s

引擎pi

✓

可以安装

No action required. The skill is safe to use.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md: creates project folders under ./projects/
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md: runs init_project.py via Bash
网络访问	`READ`	`READ`	✓ 一致	SKILL.md: loads Google Fonts and CDN libraries (Chart.js, ECharts, GSAP)
环境变量	`NONE`	`NONE`	—	No os.environ access in scripts/
技能调用	`NONE`	`NONE`	—	No cross-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

3 项发现

🔗

中危外部 URL 外部 URL

https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.min.js

references/materials.md:31

🔗

中危外部 URL 外部 URL

https://cdnjs.cloudflare.com/ajax/libs/echarts/5.4.3/echarts.min.js

references/materials.md:36

🔗

中危外部 URL 外部 URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.5/gsap.min.js

references/materials.md:71

目录结构

14 文件 · 55.2 KB · 1283 行

Markdown 11f · 1125L Python 1f · 125L JSON 1f · 17L Shell 1f · 16L

├─ ▾ 📁 references

│ ├─ 📝 artifact-analysis.md Markdown 31L · 692 B

│ ├─ 📝 artifact-build-notes.md Markdown 23L · 1.1 KB

│ ├─ 📝 artifact-progress.md Markdown 50L · 1.4 KB

│ ├─ 📝 artifact-slide-plan.md Markdown 32L · 1.3 KB

│ ├─ 📝 artifact-visual-direction.md Markdown 66L · 1.8 KB

│ ├─ 📝 design-system.md Markdown 224L · 10.1 KB

│ ├─ 📝 headline-system.md Markdown 49L · 2.2 KB

│ ├─ 📝 materials.md Markdown 140L · 6.0 KB

│ ├─ 📝 qa-checklist.md Markdown 44L · 2.6 KB

│ └─ 📝 style-seeds.md Markdown 61L · 2.2 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 init_project.py Python 125L · 3.7 KB

│ └─ 🔧 init_project.sh Shell 16L · 536 B

├─ 📋 claw.json JSON 17L · 447 B

└─ 📝 SKILL.md Markdown 405L · 21.3 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`none`	`N/A`	stdlib	否	scripts/init_project.py uses only Python standard library

安全亮点

✓ All file I/O is strictly scoped to ./projects/ directory — no arbitrary filesystem writes

✓ init_project.py uses only Python standard library (pathlib, datetime, argparse) — no third-party dependencies

✓ Shell script is a thin compatibility wrapper that only calls the Python script

✓ No credential, token, or sensitive environment variable access

✓ No network egress beyond documented CDN fetches (Google Fonts, Chart.js, ECharts, GSAP)

✓ No base64, eval, or obfuscation patterns

✓ No persistence mechanisms (cron, startup hooks, backdoors)

✓ claw.json declares no permissions — correctly minimal attack surface

✓ SKILL.md fully documents all phases, modes, file outputs, and external resource usage