← Back to Skills Marketplace

PPT to Video（汇报视频生成）

Name: PPT to Video（汇报视频生成）
Author: vincentlau2046-sudo

by vincentlau2046-sudo · GitHub ↗ · v1.4.0 · MIT-0

cross-platform ⚠ suspicious

106

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install ppt-to-video

Description

将PPTX/PDF/HTML与背景材料自动匹配，生成1280×720分辨率、带有智能风格识别和口语化TTS的播报视频。

Usage Guidance

This skill appears to implement PPT→video generation as advertised, but review and take precautions before running: - Inspect generate.js for any places it constructs shell commands (execSync) using filenames. If filenames are interpolated into shell commands without sanitization, they can cause command injection; prefer commands invoked with argv arrays. - Don't run the tool pointed at your entire home or repository root — the script recursively scans and copies .md/.pptx/.pdf/.txt files and will therefore gather unrelated or sensitive documents. Point it only at a trusted folder. - Change the default OUTPUT_BASE or supply --output to avoid writing into the hard-coded /home/Vincent/... path left in the script. - Understand that edge-tts is a network TTS client: your text will likely be sent to external TTS services (Microsoft Edge TTS) for synthesis. If content is confidential, use an offline TTS engine or review the TTS client behavior. - Run the skill in an isolated environment (container/VM) the first time, and confirm the external commands it invokes (libreoffice, pdftotext, ffmpeg) are the expected ones. If you need a deeper audit, provide the full generate.js (untruncated) so execSync usages and any network calls can be inspected.

Capability Analysis

Type: OpenClaw Skill Name: ppt-to-video Version: 1.4.0 The skill bundle contains multiple shell injection vulnerabilities in 'scripts/generate.js' and 'scripts/extract_ppt_text.py' due to the use of 'execSync' and 'subprocess.run' with unsanitized string concatenation for shell commands. While the code's logic aligns with its stated purpose of converting presentations to videos using tools like ffmpeg and libreoffice, the lack of proper input escaping for file paths and TTS text (processed via edge-tts) poses a significant RCE risk. The script also relies on hardcoded absolute paths (e.g., '/home/Vincent/'), which is a security anti-pattern.

Capability Assessment

ℹ Purpose & Capability

Name/description match the shipped code and instructions: the scripts collect slides and markdown, perform matching, call TTS and ffmpeg/LibreOffice for screenshots and composition. However the code embeds a hard-coded OUTPUT_BASE (/home/Vincent/.openclaw/...) and SKILL.md examples reference that same local path, which is unrelated to the general purpose and indicates the package was packaged from a specific developer environment without sanitization.

⚠ Instruction Scope

SKILL.md and generate.js instruct the agent to recursively scan arbitrary input directories (and 'note' folders), copy matched files into a temporary project folder, and run external tools. That scanning/copying can pick up unrelated or sensitive files if the user points the skill at a large project or home directory. The instructions also instruct installing and using edge-tts (network TTS) and running local binaries (libreoffice, pdftoppm, ffmpeg). This broad file access is within the apparent goal but is expansively scoped and may be surprising to non-technical users.

✓ Install Mechanism

No install spec is provided (instruction-only), and the SKILL.md lists standard native dependencies (node, pip edge-tts, ffmpeg, LibreOffice, poppler-utils, ImageMagick). Nothing is downloaded from an untrusted URL in the manifest. Risk is from executing local commands, not from an installer.

ℹ Credentials

The skill requests no environment variables or credentials. However it depends on edge-tts (a network TTS client) which will contact external TTS services — the SKILL.md does not call this out as sending content to remote servers. The code will copy arbitrary files into the temp project and write output to a default hard-coded home path unless overridden; that file I/O is expected but may expose data if outputs are later shared.

✓ Persistence & Privilege

The skill is not always-enabled and does not request special platform privileges. It creates temp project folders and writes outputs to disk (normal for this type of tool). There is no evidence it modifies other skills or global agent configuration.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install ppt-to-video
After installation, invoke the skill by name or use /ppt-to-video
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.4.0

**v1.4.0 Changelog (ppt-to-video):** - 新增自动将讲稿书面语重写为口语化汇报风格（先重点后事实）。 - 优化句子长度为15–25字/句，自动添加连接词提升流畅感。 - 综合支持新闻/技术/政治/轻松自动风格识别与TTS音色选择。 - 默认语速统一+25%，删除封面/结尾特殊加速逻辑，可用--rate自定义。 - 完善音画对齐验证及讲稿与PPT页数不匹配自动警告功能。

Metadata

Slug ppt-to-video

Version 1.4.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is PPT to Video（汇报视频生成）?

将PPTX/PDF/HTML与背景材料自动匹配，生成1280×720分辨率、带有智能风格识别和口语化TTS的播报视频。 It is an AI Agent Skill for Claude Code / OpenClaw, with 106 downloads so far.

How do I install PPT to Video（汇报视频生成）?

Run "/install ppt-to-video" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PPT to Video（汇报视频生成） free?

Yes, PPT to Video（汇报视频生成） is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does PPT to Video（汇报视频生成） support?

PPT to Video（汇报视频生成） is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created PPT to Video（汇报视频生成）?

It is built and maintained by vincentlau2046-sudo (@vincentlau2046-sudo); the current version is v1.4.0.

More Skills