slidev-ppt-generator 安全扫描报告 — 可信 | ClawSafe

5 /100

slidev-ppt-generator

Generate and export Slidev presentations from Markdown

A benign Node.js presentation generation tool with no malicious indicators. All shell operations (npm init, npm install, npx slidev) are legitimate tooling for a Slidev wrapper.

技能名称slidev-ppt-generator

分析耗时37.5s

引擎pi

✓

可以安装

No action needed. The skill is safe to use as a Slidev PPT generator.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md declares npm/node; scripts/read+write slides.md files
网络访问	`READ`	`READ`	✓ 一致	Unsplash URLs in SKILL.md examples; npx fetches from npm registry
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md declares requires.bins: [node,npm]; scripts use execFileSync for npm/np…
环境变量	`NONE`	`NONE`	—	No env var access observed
技能调用	`NONE`	`NONE`	—	No cross-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser control
数据库	`NONE`	`NONE`	—	No database access

12 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

README.md:7

🔗

中危外部 URL 外部 URL

https://opensource.org/licenses/MIT

README.md:7

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/OpenClaw-Skill-blue

README.md:8

🔗

中危外部 URL 外部 URL

https://clawhub.ai

README.md:8

🔗

中危外部 URL 外部 URL

https://cn.sli.dev/

README.md:302

🔗

中危外部 URL 外部 URL

https://openclaw.ai

README.md:304

🔗

中危外部 URL 外部 URL

https://sli.dev/guide/theme-addon-gallery

README.md:306

🔗

中危外部 URL 外部 URL

https://images.unsplash.com/photo-1451187580459-43490279c0fa?w=1920

SKILL.md:127

🔗

中危外部 URL 外部 URL

https://images.unsplash.com/photo-

SKILL.md:149

🔗

中危外部 URL 外部 URL

https://images.unsplash.com/photo-xxx?w=960

SKILL.md:192

🔗

中危外部 URL 外部 URL

https://images.unsplash.com/photo-xxx?w=1920

SKILL.md:317

📧

提示邮箱邮箱地址

[email protected]

SKILL.md:326

目录结构

15 文件 · 71.6 KB · 3055 行

Markdown 8f · 2272L JavaScript 3f · 629L JSON 4f · 154L

├─ ▾ 📁 demo

│ └─ ▾ 📁 openclaw-intro

│ ├─ 📋 package-lock.json JSON 95L · 3.1 KB

│ ├─ 📋 package.json JSON 6L · 107 B

│ ├─ 📝 README.md Markdown 47L · 1.6 KB

│ └─ 📝 slides.md Markdown 961L · 17.8 KB

├─ ▾ 📁 examples

│ └─ 📝 demo-slides.md Markdown 124L · 1.2 KB

├─ ▾ 📁 references

│ ├─ 📝 presentation-design.md Markdown 137L · 5.4 KB

│ └─ 📝 prompting.md Markdown 92L · 3.2 KB

├─ ▾ 📁 scripts

│ ├─ 📜 export.js JavaScript 197L · 4.5 KB

│ ├─ 📜 generate.js JavaScript 300L · 7.6 KB

│ └─ 📜 init-project.js JavaScript 132L · 3.0 KB

├─ ▾ 📁 templates

│ └─ 📝 tech-share.md Markdown 160L · 1.7 KB

├─ 📋 _meta.json JSON 10L · 194 B

├─ 📋 package.json JSON 43L · 1.1 KB

├─ 📝 README.md Markdown 310L · 6.7 KB

└─ 📝 SKILL.md Markdown 441L · 14.6 KB

依赖分析 7 项

包名	版本	来源	已知漏洞	备注
`@slidev/cli`	`not pinned`	npm	否	Runtime dep; version determined at init-project time
`playwright-chromium`	`not pinned`	npm	否	Optional; auto-installed only when exporting PDF/PPTX
`@slidev/theme-default`	`not pinned`	npm	否	Official Slidev theme
`@slidev/theme-seriph`	`not pinned`	npm	否	Official Slidev theme
`@slidev/theme-apple-basic`	`not pinned`	npm	否	Official Slidev theme
`@slidev/theme-bricks`	`not pinned`	npm	否	Official Slidev theme
`@slidev/theme-shibainu`	`not pinned`	npm	否	Official Slidev theme

安全亮点

✓ All shell commands (npm init, npm install, npx slidev) are standard tooling explicitly aligned with the stated purpose

✓ SKILL.md declares node and npm as required binaries, matching actual subprocess usage

✓ No credential harvesting, environment variable iteration, or sensitive file access

✓ No base64 encoding, obfuscation, or eval() usage

✓ No curl|bash remote script execution patterns

✓ No hidden functionality beyond what the documentation describes

✓ Dependencies are official Slidev packages and playwright-chromium (standard for PDF export)

✓ All subprocess calls use execFileSync with controlled arguments, not shell string injection

✓ No C2 communication, reverse shells, or data exfiltration channels

✓ No supply chain risks detected — packages are well-known and pinned