Scan Report
5/100
cjl-slides
HTML presentation generator with 24 international design styles, exporting to .pptx format
A legitimate HTML presentation generator with 24 design styles and PPTX export. All declared tools are used for their stated purpose with no hidden functionality.
Safe to install
No action needed. Skill is safe to use.
Security findings: 1

| Severity | Finding | Location |
|---|---|---|
| Low | deploy.sh script referenced but not included (documentation deception) | SKILL.md:1 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Consistent | Write tool maps to filesystem:WRITE; both scripts write output files to user-spe… |
| Filesystem | READ | READ | ✓ Consistent | Read/Glob tools map to filesystem:READ; scripts read input .pptx and .html files |
| Network access | READ | READ | ✓ Consistent | WebFetch maps to network:READ; Chart.js CDN fetch is documented and necessary |
| Command execution | WRITE | WRITE | ✓ Consistent | Bash tool declared; deploy.sh reference exists in docs but script not present in… |
Directory structure
4 files · 34.5 KB · 904 lines (Markdown 2f · 464L; Python 2f · 440L)
├─ scripts
│  ├─ extract-pptx.py (Python)
│  └─ html-to-pptx.py (Python)
├─ SKILL.md (Markdown)
└─ STYLE_PREVIEWS.md (Markdown)
Dependency analysis: 2 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| python-pptx | * | pip | No | Used for PPTX read/write; version not pinned but package is well-maintained |
| lxml | * | pip | No | Used for HTML parsing in html-to-pptx.py; version not pinned |
Security highlights
✓ No credential harvesting or environment variable iteration for sensitive keys
✓ No base64 encoding, eval(), or obfuscated code patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No network exfiltration or C2 communication
✓ All Python dependencies (python-pptx, lxml) are standard and appropriate for the stated functionality
✓ File operations are scoped to user-provided input/output paths only
✓ No subprocess or shell execution in provided scripts — pure file I/O and parsing
✓ SKILL.md accurately describes all major capabilities
✓ Chart.js CDN usage is documented with fallback strategy