Scan Report
5 /100
slidev-ppt-generator
Generate and export Slidev presentations from Markdown
A benign Node.js presentation generation tool with no malicious indicators. All shell operations (npm init, npm install, npx slidev) are legitimate tooling for a Slidev wrapper.
Safe to install
No action needed. The skill is safe to use as a Slidev PPT generator.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares npm/node; scripts/read+write slides.md files |
| Network | READ | READ | ✓ Aligned | Unsplash URLs in SKILL.md examples; npx fetches from npm registry |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares requires.bins: [node,npm]; scripts use execFileSync for npm/np… |
| Environment | NONE | NONE | — | No env var access observed |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser control |
| Database | NONE | NONE | — | No database access |
12 findings
Medium External URL 外部 URL
https://img.shields.io/badge/License-MIT-yellow.svg README.md:7 Medium External URL 外部 URL
https://opensource.org/licenses/MIT README.md:7 Medium External URL 外部 URL
https://img.shields.io/badge/OpenClaw-Skill-blue README.md:8 Medium External URL 外部 URL
https://clawhub.ai README.md:8 Medium External URL 外部 URL
https://cn.sli.dev/ README.md:302 Medium External URL 外部 URL
https://openclaw.ai README.md:304 Medium External URL 外部 URL
https://sli.dev/guide/theme-addon-gallery README.md:306 Medium External URL 外部 URL
https://images.unsplash.com/photo-1451187580459-43490279c0fa?w=1920 SKILL.md:127 Medium External URL 外部 URL
https://images.unsplash.com/photo- SKILL.md:149 Medium External URL 外部 URL
https://images.unsplash.com/photo-xxx?w=960 SKILL.md:192 Medium External URL 外部 URL
https://images.unsplash.com/photo-xxx?w=1920 SKILL.md:317 Info Email 邮箱地址
[email protected] SKILL.md:326 File Tree
15 files · 71.6 KB · 3055 lines Markdown 8f · 2272L
JavaScript 3f · 629L
JSON 4f · 154L
├─
▾
demo
│ └─
▾
openclaw-intro
│ ├─
package-lock.json
JSON
│ ├─
package.json
JSON
│ ├─
README.md
Markdown
│ └─
slides.md
Markdown
├─
▾
examples
│ └─
demo-slides.md
Markdown
├─
▾
references
│ ├─
presentation-design.md
Markdown
│ └─
prompting.md
Markdown
├─
▾
scripts
│ ├─
export.js
JavaScript
│ ├─
generate.js
JavaScript
│ └─
init-project.js
JavaScript
├─
▾
templates
│ └─
tech-share.md
Markdown
├─
_meta.json
JSON
├─
package.json
JSON
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 7 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@slidev/cli | not pinned | npm | No | Runtime dep; version determined at init-project time |
playwright-chromium | not pinned | npm | No | Optional; auto-installed only when exporting PDF/PPTX |
@slidev/theme-default | not pinned | npm | No | Official Slidev theme |
@slidev/theme-seriph | not pinned | npm | No | Official Slidev theme |
@slidev/theme-apple-basic | not pinned | npm | No | Official Slidev theme |
@slidev/theme-bricks | not pinned | npm | No | Official Slidev theme |
@slidev/theme-shibainu | not pinned | npm | No | Official Slidev theme |
Security Positives
✓ All shell commands (npm init, npm install, npx slidev) are standard tooling explicitly aligned with the stated purpose
✓ SKILL.md declares node and npm as required binaries, matching actual subprocess usage
✓ No credential harvesting, environment variable iteration, or sensitive file access
✓ No base64 encoding, obfuscation, or eval() usage
✓ No curl|bash remote script execution patterns
✓ No hidden functionality beyond what the documentation describes
✓ Dependencies are official Slidev packages and playwright-chromium (standard for PDF export)
✓ All subprocess calls use execFileSync with controlled arguments, not shell string injection
✓ No C2 communication, reverse shells, or data exfiltration channels
✓ No supply chain risks detected — packages are well-known and pinned