← 返回 Skills 市场
443
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install hml-google-slides
功能描述
Create, edit, and export Google Slides presentations. Use when creating new presentations, adding or updating slides, reading slide content, exporting to PDF...
使用说明 (SKILL.md)
Google Slides
Uses the gog CLI for basic operations and scripts/slides.py for advanced edits (adding/editing slide content via the Slides API).
Auth Check
Before any Slides operation, verify auth is working:
gog slides info \x3Cany-presentation-id> --account [email protected]
If it fails, re-auth: gog auth add [email protected] --services gmail,calendar,drive,docs,sheets,contacts,tasks,people
Core Commands (via gog)
# Create a new blank presentation
gog slides create "My Presentation" --account [email protected] --json
# Get info about a presentation (slide count, title, etc.)
gog slides info \x3CpresentationId> --account [email protected] --json
# Export to PDF
gog slides export \x3CpresentationId> --format pdf --out /tmp/deck.pdf --account [email protected]
# Export to PPTX
gog slides export \x3CpresentationId> --format pptx --out /tmp/deck.pptx --account [email protected]
# Copy a presentation (e.g., to use a template)
gog slides copy \x3CpresentationId> "Copy Title" --account [email protected] --json
Adding/Editing Slide Content (via scripts/slides.py)
For adding text slides, batch updates, and reading full content, use scripts/slides.py.
# Add a text slide with title and bullet body
python3 scripts/slides.py add-slide \x3CpresentationId> \
--title "Slide Title" \
--body "• Bullet point one\
• Bullet point two"
# Add a slide at a specific position (0-indexed)
python3 scripts/slides.py add-slide \x3CpresentationId> --title "Intro" --insert-at 0
# Run arbitrary batch update requests from a JSON file
python3 scripts/slides.py batch \x3CpresentationId> requests.json
# Export via script
python3 scripts/slides.py export \x3CpresentationId> --format pdf --out /tmp/deck.pdf
# List comments with their anchors (e.g. which slide they are on)
python3 scripts/slides.py list-comments \x3CpresentationId>
# Resolve a comment and optionally leave a reply message
python3 scripts/slides.py resolve-comment \x3CpresentationId> \x3CcommentId> --reply "Fixed!"
Building a Deck from Scratch
Typical workflow:
- Create presentation:
gog slides create "Title" --json→ getpresentationId - Add slides one by one using
scripts/slides.py add-slide - For rich content (images, shapes, formatting), write batch requests to a JSON file and run
scripts/slides.py batch - Export:
gog slides export \x3Cid> --format pdf --out /tmp/deck.pdf
For complex batch requests (images, shapes, text formatting), see references/batch_requests.md.
Getting Presentation ID
From a Google Slides URL:
https://docs.google.com/presentation/d/**\x3CpresentationId>**/edit
Notes
gog slidesuses the Drive API under the hood (no separate Slides scope needed)scripts/slides.pyuses the Google Slides API directly and requires working gog auth tokens- Set
[email protected]in env to skip--accountflag
安全使用建议
This skill will use the 'gog' CLI and your gog-stored OAuth credentials to act on Google Slides and Drive. Before installing, confirm: (1) you trust the skill author and the default account (the code defaults to [email protected] unless you set GOG_ACCOUNT); (2) you are comfortable that the script will export and read refresh tokens and client_id/client_secret from ~/.config/gogcli/credentials.json (the skill metadata did not declare this); (3) the recommended re-auth command requests wide Google scopes (gmail, calendar, etc.) — only grant scopes you intend. If you proceed, set GOG_ACCOUNT to your own account, inspect ~/.config/gogcli/credentials.json contents and permissions, and consider running the skill in an isolated or throwaway environment. Ask the publisher to update metadata to declare the required 'gog' binary and the config path, and to explain why broad scopes and the hardcoded default account are necessary.
功能分析
Type: OpenClaw Skill
Name: hml-google-slides
Version: 1.0.0
The skill is classified as suspicious due to several significant vulnerabilities. The `scripts/slides.py` exports a Google OAuth refresh token to `/tmp/gog_slides_token.json` without cleanup, creating a local information disclosure risk. The `cmd_export` function allows arbitrary file paths for output, potentially leading to unauthorized file writes. Most critically, the `cmd_batch` function executes arbitrary Google Slides API batch update requests from a user-provided JSON file, which, as documented in `references/batch_requests.md`, enables powerful actions like inserting images from arbitrary URLs (SSRF risk) and other broad API manipulations without input validation. While these are vulnerabilities rather than direct malicious intent, they present a substantial attack surface.
能力评估
Purpose & Capability
The name/description (Google Slides create/edit/export) matches the code and instructions: the script uses the Slides and Drive APIs and the SKILL.md documents expected commands. However the skill uses the external 'gog' CLI and reads gog's credentials file (~/.config/gogcli/credentials.json) even though the registry metadata declares no required binaries or config paths — a mismatch between declared requirements and actual needs.
Instruction Scope
SKILL.md instructs running gog commands and a re-auth that requests wide scopes (gmail,calendar,drive,docs,sheets,contacts,tasks,people). The runtime instructions and scripts perform token export via `gog auth tokens export`, read local credential files, and refresh OAuth tokens — actions beyond simply calling Slides APIs. The skill also hardcodes the account '[email protected]' as the default, which is unexpected and could lead to confusion or accidental use of another user's account.
Install Mechanism
No install spec (instruction-only plus a bundled script). That minimizes supply-chain install risk. The script does call external CLI ('gog') at runtime instead of installing anything itself.
Credentials
The script reads sensitive local state: it exports tokens to /tmp/gog_slides_token.json and reads ~/.config/gogcli/credentials.json (client_id and client_secret) to refresh OAuth tokens. The registry declared no required env or config paths, yet the code depends on them. SKILL.md also suggests re-authenticating with many Google scopes (including Gmail), which is broader than strictly necessary for Slides/Drive and is disproportionate unless explicitly justified. The default GOG_ACCOUNT value ([email protected]) is hardcoded and surprising.
Persistence & Privilege
The skill is not always-enabled and doesn't request special platform-level persistence. It doesn't modify other skills or system-wide settings. It does, however, read and write token data to /tmp and user config, which is normal for OAuth usage but should be noted.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install hml-google-slides - 安装完成后,直接呼叫该 Skill 的名称或使用
/hml-google-slides触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
HML-specific Google Slides management skill
元数据
常见问题
HML Google Slides 是什么?
Create, edit, and export Google Slides presentations. Use when creating new presentations, adding or updating slides, reading slide content, exporting to PDF... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 443 次。
如何安装 HML Google Slides?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install hml-google-slides」即可一键安装,无需额外配置。
HML Google Slides 是免费的吗?
是的,HML Google Slides 完全免费(开源免费),可自由下载、安装和使用。
HML Google Slides 支持哪些平台?
HML Google Slides 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 HML Google Slides?
由 nethunter(@nethunter)开发并维护,当前版本 v1.0.0。
推荐 Skills