中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 0/100
Last scan:21 hr ago Rescan
0 /100
ppt-skill / revealjs
Create Reveal.js HTML presentations with Chart.js charts, custom CSS themes, and slide layout scaffolding
A legitimate Reveal.js PPT presentation generation skill with no malicious indicators. All operations are documented, network access is limited to known CDN resources, and scripts only perform presentation scaffolding and HTML validation.
Skill Nameppt-skill / revealjs
Duration29.7s
Enginepi
Safe to install
No action required. The skill is safe to use as a presentation generation tool.
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✓ Aligned Scripts write output files (presentation.html, styles.css) as documented in SKIL…
Network NONE READ ✓ Aligned CDN resources from jsdelivr.net, cdnjs.cloudflare.com, fonts.googleapis.com for …
Shell NONE NONE No shell execution found; Node.js scripts use only fs/path modules
Environment NONE NONE No environment variable access
Skill Invoke NONE NONE No cross-skill invocation
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation except Puppeteer in check-overflow.js, which is local-only
Database NONE NONE No database access
3 findings
🔗
Medium External URL 外部 URL
https://cdn.tailwindcss.com
SKILL.md:765
🔗
Medium External URL 外部 URL
https://contextlab.alibaba-inc.com/skill
package.json:6
🔗
Medium External URL 外部 URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
revealjs/scripts/create-presentation.js:138

File Tree

9 files · 86.8 KB · 2922 lines
Markdown 4f · 2018L JavaScript 3f · 538L CSS 1f · 356L JSON 1f · 10L
├─ 📁 revealjs
│ ├─ 📁 references
│ │ ├─ 📝 advanced-features.md Markdown 142L · 3.1 KB
│ │ ├─ 📄 base-styles.css CSS 356L · 9.0 KB
│ │ └─ 📝 charts.md Markdown 425L · 11.4 KB
│ ├─ 📁 scripts
│ │ ├─ 📜 check-charts.js JavaScript 194L · 6.2 KB
│ │ ├─ 📜 check-overflow.js JavaScript 99L · 3.1 KB
│ │ └─ 📜 create-presentation.js JavaScript 245L · 7.5 KB
│ └─ 📝 SKILL.md Markdown 463L · 17.6 KB
├─ 📋 package.json JSON 10L · 379 B
└─ 📝 SKILL.md Markdown 988L · 28.6 KB

Security Positives

✓ No credential harvesting or environment variable enumeration
✓ No shell command injection or subprocess with user-controlled input
✓ No obfuscated code (base64, eval patterns)
✓ No data exfiltration or external IP communication
✓ CDN resources are from reputable providers (jsdelivr.net, cdnjs.cloudflare.com, Google Fonts) with version pinning where noted
✓ All scripts are pure presentation tooling: HTML generation, chart validation, overflow checking
✓ No hidden functionality — all behavior matches documentation
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No persistence mechanisms (cron, startup hooks)
✓ No supply chain risks — no external dependencies listed in package.json
✓ Node.js scripts use only safe built-in modules (fs, path, cheerio for parsing)