← Back to Skills Marketplace
Ppt Video
by
vincentlau2046-sudo
· GitHub ↗
· v1.4.1
· MIT-0
96
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install ppt-video
Description
将PPTX/PDF/HTML演示文稿及背景材料自动转换成1280×720口语化播报视频,支持内容风格识别和语速调节。
Usage Guidance
This skill appears to do what it claims, but proceed with caution: 1) Provide a tightly-scoped input directory containing only files you intend the skill to process (avoid passing root or broad workspace paths). 2) The Node script uses execSync with concatenated command strings; malicious or specially-crafted filenames might cause command injection or break quoting—sanitize filenames before running, or run the skill in a sandboxed environment (container or VM). 3) The docs disagree on resolution and framerate—verify the produced video matches your requirements before using in production. 4) edge-tts likely requires network access; confirm privacy/usage expectations for TTS output. 5) If you need higher assurance, review the remainder of generate.js (the truncated part) for any network calls, hidden endpoints, or remote uploads. If you lack the ability to sandbox, consider running only on non-sensitive test material or asking the author for clarifications/patches that avoid shell concatenation (use execFile or spawn with argument arrays and strict sanitization).
Capability Analysis
Type: OpenClaw Skill
Name: ppt-video
Version: 1.4.1
The skill bundle provides a functional pipeline for converting presentations to videos using Node.js, Python, and external CLI tools like FFmpeg and edge-tts. It is classified as suspicious due to significant command injection vulnerabilities in `scripts/generate.js`. The script uses `execSync` to execute shell commands with strings constructed from user-provided file content and paths. While it attempts basic sanitization by removing backticks and escaping double quotes, it fails to sanitize other shell metacharacters (notably `$`), which could allow arbitrary code execution via command substitution if a malicious input file is processed. Repository: https://github.com/vincentlau2046-sudo/ppt-video.git.
Capability Assessment
Purpose & Capability
Name/description match the included code: the scripts extract text, render screenshots, run TTS and assemble video. Declared runtime dependencies in SKILL.md (libreoffice, pdftoppm/poppler, ffmpeg, ImageMagick/inkscape, edge-tts) align with the conversion tasks. Minor inconsistencies exist in documented output specs (some docs say 1280×720, others 1024×720; frame rate and resolution differ across README/SKILL.md/package.json and generate.js). These are likely documentation drift rather than malicious intent.
Instruction Scope
SKILL.md and scripts instruct the agent to recursively scan the provided input directory for PPT/MD/TXT files and then run external commands (libreoffice, pdftoppm, convert/inkscape, edge-tts, ffmpeg). That behavior is necessary for the task but broad: recursive scanning may pick up unexpected files if the input path is not tightly scoped, and generate.js constructs shell commands by concatenating user-controlled paths into execSync strings. While many variables are wrapped in quotes, concatenation of arbitrary file names into shell commands creates a potential command-injection/escaping risk and could lead to unintended command execution or processing of sensitive files if the input directory is not controlled.
Install Mechanism
No install spec in the registry (instruction-only with code files). The skill relies on common system packages and Python/Node packages documented in SKILL.md/README. No remote downloads or obscure install URLs are used in the metadata; installation is manual via apt/pip and npm runtime, which is proportionate to the functionality.
Credentials
The skill does not request environment variables, secrets, or external credentials in registry metadata. Scripts use standard paths (HOME/.openclaw/workspace examples) and allow optional NODE_BIN override in tests. There are no declared or required API keys—TTS is expected to use the local 'edge-tts' tool which may require network access but no secret is requested by the skill.
Persistence & Privilege
Skill flags are default: always=false and agent invocation allowed. The skill does not request persistent platform privileges and does not attempt to modify other skills or system-wide agent configuration. It writes output to configured directories and temporary files within the project/output directories as expected.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ppt-video - After installation, invoke the skill by name or use
/ppt-video - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.4.1
修复硬编码路径安全问题,移除 /home/Vincent/ 引用,改用环境变量和相对路径
v3.2.0
ppt-video v3.2.0
- 新增讲稿口语化重写功能,自动将书面语转换为汇报/新闻风格
- 优化句子长度(自动调整为 15–25 字/句)
- 自动添加连接词,使内容更自然流畅(先重点后事实)
- 完善多格式支持与输入优先级说明
- 优化 TTS 语速逻辑和标点停顿策略
- 加强页面对齐及音画同步验证
Metadata
Frequently Asked Questions
What is Ppt Video?
将PPTX/PDF/HTML演示文稿及背景材料自动转换成1280×720口语化播报视频,支持内容风格识别和语速调节。 It is an AI Agent Skill for Claude Code / OpenClaw, with 96 downloads so far.
How do I install Ppt Video?
Run "/install ppt-video" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ppt Video free?
Yes, Ppt Video is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Ppt Video support?
Ppt Video is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Ppt Video?
It is built and maintained by vincentlau2046-sudo (@vincentlau2046-sudo); the current version is v1.4.1.
More Skills