← 返回 Skills 市场
Ppt Afp
作者
yipng05-max
· GitHub ↗
· v1.1.0
· MIT-0
745
总下载
0
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install ppt-afp
功能描述
PPT全自动生成流(AFP:Auto-Flow Prompt)。用户提供主题和内容,Agent自动完成:风格选择 → 大纲生成 → Prompt生成 → AI生图 → 打包PPTX → 发送飞书。当用户说"帮我做PPT"、"生成幻灯片"、"制作演示文稿"、"ppt-afp"时触发。
安全使用建议
This skill's design is inconsistent: SKILL.md requires API keys (GEMINI_API_KEY, GOOGLE_BASE_URL) and local scripts under ~/.openclaw/skills, but the manifest declares none. Before installing or running it, do the following: 1) Verify and supply only the minimal, scoped API keys (preferably scoped service accounts) and do not store broad credentials in ~/.zshrc; 2) Inspect the referenced local scripts (~/.openclaw/skills/baoyu-*) and TOOLS.md to ensure they are trusted and contain no arbitrary exec/network calls; 3) Do not run commands that set NODE_TLS_REJECT_UNAUTHORIZED=0 — this disables TLS verification and is unsafe; 4) Confirm how Feishu credentials are provided and limit their permissions; 5) Prefer running in a sandboxed/test environment first (no access to your real HOME or production credentials); and 6) Ask the author to update the manifest to declare required env vars, explain all referenced local files, and remove/justify insecure runtime flags. If you cannot validate these points, treat the skill as risky and avoid enabling it for autonomous use.
功能分析
Type: OpenClaw Skill
Name: ppt-afp
Version: 1.1.0
The skill bundle contains several high-risk configurations, most notably a hardcoded Feishu (Lark) user ID (ou_74c5a7816fcb78172bfca68a7f7449e8) in SKILL.md, which could result in data exfiltration if the skill is used by anyone other than the intended developer. Additionally, the execution commands explicitly disable SSL/TLS certificate validation (NODE_TLS_REJECT_UNAUTHORIZED=0), creating a significant security vulnerability. The skill also relies on specific local directory structures (e.g., '~/Desktop/二饼文件夹/') and external scripts that are not included in the bundle, suggesting it is a highly personalized or poorly generalized tool.
能力评估
Purpose & Capability
Skill claims to auto-generate PPTs and send via Feishu, which is plausible, but the manifest declares no environment variables or credentials while SKILL.md repeatedly references GEMINI_API_KEY, GOOGLE_BASE_URL and a Feishu USER. It also expects local skill libraries under ~/.openclaw/skills/..., which are not declared. Required artifacts (API keys, local scripts) are missing from the declared requirements — this is an incoherence.
Instruction Scope
Runtime instructions tell the agent to read files under the user's home (~/.openclaw/skills/... and ~/.zshrc), create directories on the Desktop, run npx/bun to execute local TypeScript scripts, and call a Feishu send script. These steps access other skills' files, local shell config (potentially sensitive), and execute code on the machine — scope extends beyond a simple 'PPT helper' and includes local file I/O and remote API usage.
Install Mechanism
There is no install spec (instruction-only), which is lower risk in principle. However, the SKILL.md instructs using 'npx -y bun' to run scripts and sets NODE_TLS_REJECT_UNAUTHORIZED=0. Using npx can fetch packages at runtime and the explicit disabling of TLS validation is insecure — these runtime execution patterns raise concerns even without an explicit install step.
Credentials
The manifest lists no required env vars or credentials, but the instructions require GEMINI_API_KEY and GOOGLE_BASE_URL (for image generation) and a Feishu user/token implied by the send script. The skill also reads ~/.zshrc for env configuration. Requesting/using these secrets without declaring them is disproportionate and opaque.
Persistence & Privilege
always is false, but the skill's instructions read and execute scripts from ~/.openclaw/skills/* (other skills' directories). Accessing other skills' files/config is a cross-skill scope escalation risk. The skill also writes files to Desktop and system paths. Combined with autonomous invocation (platform default), these behaviors increase the blast radius if misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ppt-afp - 安装完成后,直接呼叫该 Skill 的名称或使用
/ppt-afp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
P1: add Feishu style gallery doc link for visual preview
v1.0.0
Initial publish: PPT全自动生成流,支持8种风格,Gemini生图,自动打包PPTX
元数据
常见问题
Ppt Afp 是什么?
PPT全自动生成流(AFP:Auto-Flow Prompt)。用户提供主题和内容,Agent自动完成:风格选择 → 大纲生成 → Prompt生成 → AI生图 → 打包PPTX → 发送飞书。当用户说"帮我做PPT"、"生成幻灯片"、"制作演示文稿"、"ppt-afp"时触发。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 745 次。
如何安装 Ppt Afp?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ppt-afp」即可一键安装,无需额外配置。
Ppt Afp 是免费的吗?
是的,Ppt Afp 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Ppt Afp 支持哪些平台?
Ppt Afp 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ppt Afp?
由 yipng05-max(@yipng05-max)开发并维护,当前版本 v1.1.0。
推荐 Skills