Trusted — Risk Score 5/100
Last scan: 1 day ago
cjl-slides
HTML presentation generator with 24 international design styles, exporting to .pptx format
A legitimate HTML presentation generator with 24 design styles and PPTX export. All declared tools are used for their stated purpose with no hidden functionality.
Skill Name: cjl-slides
Duration: 43.2s
Engine: pi
Safe to install
No action needed. Skill is safe to use.

Findings 1 items

| Severity | Finding | Location |
|---|---|---|
| Low | deploy.sh script referenced but not included (Doc Mismatch) | SKILL.md:1 |

SKILL.md mentions '~/.claude/skills/cjl-slides/scripts/deploy.sh' for Vercel deployment, but no deploy.sh file is present in the package. This is a documentation gap rather than a security issue.
Run `~/.claude/skills/cjl-slides/scripts/deploy.sh`
→ Include deploy.sh in the package if deployment feature is part of the skill, or remove the reference from SKILL.md.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | Write tool maps to filesystem:WRITE; both scripts write output files to user-spe… |
| Filesystem | READ | READ | ✓ Aligned | Read/Glob tools map to filesystem:READ; scripts read input .pptx and .html files |
| Network | READ | READ | ✓ Aligned | WebFetch maps to network:READ; Chart.js CDN fetch is documented and necessary |
| Shell | WRITE | WRITE | ✓ Aligned | Bash tool declared; deploy.sh reference exists in docs but script not present in… |

File Tree

4 files · 34.5 KB · 904 lines
Markdown 2f · 464L Python 2f · 440L
├─ 📁 scripts
│ ├─ 🐍 extract-pptx.py Python 96L · 2.8 KB
│ └─ 🐍 html-to-pptx.py Python 344L · 11.7 KB
├─ 📝 SKILL.md Markdown 339L · 14.3 KB
└─ 📝 STYLE_PREVIEWS.md Markdown 125L · 5.7 KB

Dependencies 2 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| python-pptx | * | pip | No | Used for PPTX read/write; version not pinned but package is well-maintained |
| lxml | * | pip | No | Used for HTML parsing in html-to-pptx.py; version not pinned |

Security Positives

✓ No credential harvesting or environment variable iteration for sensitive keys
✓ No base64 encoding, eval(), or obfuscated code patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No network exfiltration or C2 communication
✓ All Python dependencies (python-pptx, lxml) are standard and appropriate for the stated functionality
✓ File operations are scoped to user-provided input/output paths only
✓ No subprocess or shell execution in provided scripts — pure file I/O and parsing
✓ SKILL.md accurately describes all major capabilities
✓ Chart.js CDN usage is documented with fallback strategy