ppt-skill / revealjs 安全扫描报告 — 可信 | ClawSafe

0 /100

ppt-skill / revealjs

Create Reveal.js HTML presentations with Chart.js charts, custom CSS themes, and slide layout scaffolding

A legitimate Reveal.js PPT presentation generation skill with no malicious indicators. All operations are documented, network access is limited to known CDN resources, and scripts only perform presentation scaffolding and HTML validation.

技能名称ppt-skill / revealjs

分析耗时29.7s

引擎pi

✓

可以安装

No action required. The skill is safe to use as a presentation generation tool.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✓ 一致	Scripts write output files (presentation.html, styles.css) as documented in SKIL…
网络访问	`NONE`	`READ`	✓ 一致	CDN resources from jsdelivr.net, cdnjs.cloudflare.com, fonts.googleapis.com for …
命令执行	`NONE`	`NONE`	—	No shell execution found; Node.js scripts use only fs/path modules
环境变量	`NONE`	`NONE`	—	No environment variable access
技能调用	`NONE`	`NONE`	—	No cross-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation except Puppeteer in check-overflow.js, which is local-only
数据库	`NONE`	`NONE`	—	No database access

3 项发现

🔗

中危外部 URL 外部 URL

https://cdn.tailwindcss.com

SKILL.md:765

🔗

中危外部 URL 外部 URL

https://contextlab.alibaba-inc.com/skill

package.json:6

🔗

中危外部 URL 外部 URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css

revealjs/scripts/create-presentation.js:138

目录结构

9 文件 · 86.8 KB · 2922 行

Markdown 4f · 2018L JavaScript 3f · 538L CSS 1f · 356L JSON 1f · 10L

├─ ▾ 📁 revealjs

│ ├─ ▾ 📁 references

│ │ ├─ 📝 advanced-features.md Markdown 142L · 3.1 KB

│ │ ├─ 📄 base-styles.css CSS 356L · 9.0 KB

│ │ └─ 📝 charts.md Markdown 425L · 11.4 KB

│ ├─ ▾ 📁 scripts

│ │ ├─ 📜 check-charts.js JavaScript 194L · 6.2 KB

│ │ ├─ 📜 check-overflow.js JavaScript 99L · 3.1 KB

│ │ └─ 📜 create-presentation.js JavaScript 245L · 7.5 KB

│ └─ 📝 SKILL.md Markdown 463L · 17.6 KB

├─ 📋 package.json JSON 10L · 379 B

└─ 📝 SKILL.md Markdown 988L · 28.6 KB

安全亮点

✓ No credential harvesting or environment variable enumeration

✓ No shell command injection or subprocess with user-controlled input

✓ No obfuscated code (base64, eval patterns)

✓ No data exfiltration or external IP communication

✓ CDN resources are from reputable providers (jsdelivr.net, cdnjs.cloudflare.com, Google Fonts) with version pinning where noted

✓ All scripts are pure presentation tooling: HTML generation, chart validation, overflow checking

✓ No hidden functionality — all behavior matches documentation

✓ No sensitive file path access (~/.ssh, ~/.aws, .env)

✓ No persistence mechanisms (cron, startup hooks)

✓ No supply chain risks — no external dependencies listed in package.json

✓ Node.js scripts use only safe built-in modules (fs, path, cheerio for parsing)