← 返回 Skills 市场
1015
总下载
0
收藏
10
当前安装
1
版本数
在 OpenClaw 中安装
/install slides
功能描述
Create, edit, and automate presentations with programmatic tools, visual consistency, and project-based learning of user style preferences.
安全使用建议
Plain-language checklist before installing or running this skill:
- It's largely an instruction-only helper that expects to read/write files under ~/slides/. Back up any existing ~/slides/ data before use.
- The skill documents using Google Slides, Marp, Slidev, decktape, Playwright, and npm installs. Those features require network access and, for Google Slides, credentials (service account JSON or OAuth). The skill metadata declares no credentials — assume cloud integrations are optional and will require you to supply credentials explicitly.
- The scanner flagged unicode control characters in SKILL.md. This can be used to hide model-manipulating text. Inspect the SKILL.md and other files in a plain/hex viewer for non-printing characters before trusting the instructions. If you are not comfortable reading hidden characters, do not enable autonomous invocation.
- If you will use Google Slides integration: never upload your personal service-account file or other secrets to third-party services. Prefer to run the Google-Slides steps locally and supply credentials only when you explicitly choose to.
- Because the agent has discretion to pick tools, restrict automated/autonomous execution unless you trust it (run manually the first time). Consider running the skill in a sandbox environment or with a dedicated low-privilege user account.
What would change this assessment: explicit metadata clarifying how cloud auth is handled (which env vars or file paths are required), removal/explanation of the unicode-control characters, or a minimal install spec that documents exactly what will be downloaded and executed. If the author supplies that information, confidence could be raised to 'high' and the status could move to 'benign'.
功能分析
Type: OpenClaw Skill
Name: slides
Version: 1.0.0
The skill is classified as suspicious due to its inherent capabilities that introduce a significant attack surface, primarily the ability to execute shell commands (e.g., `npm install`, `npx`, `marp`, `decktape` as described in `tools.md`, and `mkdir -p` in `SKILL.md` and `memory-template.md`). This capability, while necessary for the skill's stated purpose of using programmatic tools, poses a risk for potential shell injection vulnerabilities if agent input is not rigorously sanitized. Additionally, the skill describes handling sensitive API credentials (`creds.json`) for the Google Slides API in `tools.md`, which, despite being a standard authentication method, represents a sensitive operation. While the `SKILL.md` includes strong 'NEVER' rules against unauthorized actions, the underlying capabilities warrant a 'suspicious' classification rather than 'benign' due to the potential for exploitation.
能力评估
Purpose & Capability
Name/description match the instructions: tools, templates, and local storage under ~/slides/ are appropriate for a 'Slides' skill. However, the skill documents use of networked services (Google Slides API) and CLI installs (npm/marp, decktape) while declaring no required credentials or install steps; that mismatch (optional networked features not surfaced in metadata) should be clarified.
Instruction Scope
SKILL.md explicitly instructs the agent to create and read/write files under ~/slides/ (expected), and to honor a 'never make network requests without user action' rule. But the included tooling docs demonstrate network operations (Google Slides API authentication requiring a creds.json, npm installs, Playwright/decktape usage). The guidance is mostly scoped, but these contradictions (tools that require network and credentials vs. the 'never network' statement) are concerning because the skill gives the agent discretion over tool selection and storing credentials locally.
Install Mechanism
There is no install spec (instruction-only), which reduces installer risk. However the documentation contains explicit install/CLI commands (npm install -g @marp-team/marp-cli, npx slidev, decktape, Playwright) that would cause network downloads if followed; these are not enforced or declared in metadata. Because nothing is written by a registry install, the practical install risk depends on what the agent or user actually runs.
Credentials
Metadata declares no required env vars or credentials, yet tools.md shows Google Slides authentication via a service account JSON file (creds.json) and other commands that may use local files or tokens. Requesting no credentials in metadata is reasonable if cloud integrations are optional, but users should be aware the skill expects/encourages storing project data and possibly auth files under ~/slides/ (local filesystem access).
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. It stores state under the user's home directory (~/slides/) which is consistent with its purpose. There is no evidence it attempts to modify other skills or system-wide config.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install slides - 安装完成后,直接呼叫该 Skill 的名称或使用
/slides触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Slides 是什么?
Create, edit, and automate presentations with programmatic tools, visual consistency, and project-based learning of user style preferences. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1015 次。
如何安装 Slides?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install slides」即可一键安装,无需额外配置。
Slides 是免费的吗?
是的,Slides 完全免费(开源免费),可自由下载、安装和使用。
Slides 支持哪些平台?
Slides 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。
谁开发了 Slides?
由 Iván(@ivangdavila)开发并维护,当前版本 v1.0.0。
推荐 Skills