← Back to Skills Marketplace

Ppt Afp

Name: Ppt Afp
Author: yipng05-max

by yipng05-max · GitHub ↗ · v1.1.0 · MIT-0

cross-platform ⚠ suspicious

745

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install ppt-afp

Description

PPT全自动生成流（AFP：Auto-Flow Prompt）。用户提供主题和内容，Agent自动完成：风格选择 → 大纲生成 → Prompt生成 → AI生图 → 打包PPTX → 发送飞书。当用户说"帮我做PPT"、"生成幻灯片"、"制作演示文稿"、"ppt-afp"时触发。

Usage Guidance

This skill's design is inconsistent: SKILL.md requires API keys (GEMINI_API_KEY, GOOGLE_BASE_URL) and local scripts under ~/.openclaw/skills, but the manifest declares none. Before installing or running it, do the following: 1) Verify and supply only the minimal, scoped API keys (preferably scoped service accounts) and do not store broad credentials in ~/.zshrc; 2) Inspect the referenced local scripts (~/.openclaw/skills/baoyu-*) and TOOLS.md to ensure they are trusted and contain no arbitrary exec/network calls; 3) Do not run commands that set NODE_TLS_REJECT_UNAUTHORIZED=0 — this disables TLS verification and is unsafe; 4) Confirm how Feishu credentials are provided and limit their permissions; 5) Prefer running in a sandboxed/test environment first (no access to your real HOME or production credentials); and 6) Ask the author to update the manifest to declare required env vars, explain all referenced local files, and remove/justify insecure runtime flags. If you cannot validate these points, treat the skill as risky and avoid enabling it for autonomous use.

Capability Analysis

Type: OpenClaw Skill Name: ppt-afp Version: 1.1.0 The skill bundle contains several high-risk configurations, most notably a hardcoded Feishu (Lark) user ID (ou_74c5a7816fcb78172bfca68a7f7449e8) in SKILL.md, which could result in data exfiltration if the skill is used by anyone other than the intended developer. Additionally, the execution commands explicitly disable SSL/TLS certificate validation (NODE_TLS_REJECT_UNAUTHORIZED=0), creating a significant security vulnerability. The skill also relies on specific local directory structures (e.g., '~/Desktop/二饼文件夹/') and external scripts that are not included in the bundle, suggesting it is a highly personalized or poorly generalized tool.

Capability Assessment

⚠ Purpose & Capability

Skill claims to auto-generate PPTs and send via Feishu, which is plausible, but the manifest declares no environment variables or credentials while SKILL.md repeatedly references GEMINI_API_KEY, GOOGLE_BASE_URL and a Feishu USER. It also expects local skill libraries under ~/.openclaw/skills/..., which are not declared. Required artifacts (API keys, local scripts) are missing from the declared requirements — this is an incoherence.

⚠ Instruction Scope

Runtime instructions tell the agent to read files under the user's home (~/.openclaw/skills/... and ~/.zshrc), create directories on the Desktop, run npx/bun to execute local TypeScript scripts, and call a Feishu send script. These steps access other skills' files, local shell config (potentially sensitive), and execute code on the machine — scope extends beyond a simple 'PPT helper' and includes local file I/O and remote API usage.

ℹ Install Mechanism

There is no install spec (instruction-only), which is lower risk in principle. However, the SKILL.md instructs using 'npx -y bun' to run scripts and sets NODE_TLS_REJECT_UNAUTHORIZED=0. Using npx can fetch packages at runtime and the explicit disabling of TLS validation is insecure — these runtime execution patterns raise concerns even without an explicit install step.

⚠ Credentials

The manifest lists no required env vars or credentials, but the instructions require GEMINI_API_KEY and GOOGLE_BASE_URL (for image generation) and a Feishu user/token implied by the send script. The skill also reads ~/.zshrc for env configuration. Requesting/using these secrets without declaring them is disproportionate and opaque.

⚠ Persistence & Privilege

always is false, but the skill's instructions read and execute scripts from ~/.openclaw/skills/* (other skills' directories). Accessing other skills' files/config is a cross-skill scope escalation risk. The skill also writes files to Desktop and system paths. Combined with autonomous invocation (platform default), these behaviors increase the blast radius if misused.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install ppt-afp
After installation, invoke the skill by name or use /ppt-afp
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.0

P1: add Feishu style gallery doc link for visual preview

v1.0.0

Initial publish: PPT全自动生成流，支持8种风格，Gemini生图，自动打包PPTX

Metadata

Slug ppt-afp

Version 1.1.0

License MIT-0

All-time Installs 3

Active Installs 3

Total Versions 2

Frequently Asked Questions

What is Ppt Afp?

PPT全自动生成流（AFP：Auto-Flow Prompt）。用户提供主题和内容，Agent自动完成：风格选择 → 大纲生成 → Prompt生成 → AI生图 → 打包PPTX → 发送飞书。当用户说"帮我做PPT"、"生成幻灯片"、"制作演示文稿"、"ppt-afp"时触发。 It is an AI Agent Skill for Claude Code / OpenClaw, with 745 downloads so far.

How do I install Ppt Afp?

Run "/install ppt-afp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ppt Afp free?

Yes, Ppt Afp is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Ppt Afp support?

Ppt Afp is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ppt Afp?

It is built and maintained by yipng05-max (@yipng05-max); the current version is v1.1.0.

More Skills