← 返回 Skills 市场
Slides Generator
作者
Michael Feng
· GitHub ↗
· v1.0.0
436
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install slides-generator
功能描述
Create Hummingbot-branded PDF slides from markdown with Mermaid diagram support. Use for presentations, decks, and technical documentation with professional...
安全使用建议
This skill likely performs the claimed slide generation, but exercise caution before running it. Specific recommendations:
- Do NOT run the curl | bash command without inspection. Instead, inspect the script text first or use the local scripts/generate_slides.sh included with the skill package.
- Prefer running the script in an isolated environment (container or VM) or a Python virtualenv and use npm with --location=project or --user equivalents to avoid global installs.
- The script will automatically run pip3 install fpdf2 (no --user) and may invoke npx to pull mermaid-cli — these change your system and could run arbitrary code. Consider manually installing verified dependencies from trusted sources.
- If you must use the remote URL, verify it points to a pinned commit or release (not just raw/master) and review the script content for unexpected network calls or command execution.
- If you need stronger assurance, ask the skill author for a signed release, a reproducible package, or a versioned GitHub release instead of executing raw content from the web.
- If you are not comfortable auditing shell/Python scripts, avoid running this skill on sensitive hosts.
功能分析
Type: OpenClaw Skill
Name: slides-generator
Version: 1.0.0
The skill is classified as suspicious due to several high-risk behaviors. Firstly, the `SKILL.md` instructs the agent to download and execute a script from a remote GitHub URL (`curl -s https://raw.githubusercontent.com/... | bash`), posing a significant supply chain risk if the remote repository is compromised. Secondly, the `scripts/generate_slides.sh` script accepts `--input` and `--output` file paths directly from user input (via the agent) without sufficient sanitization, creating critical arbitrary file read and write vulnerabilities. A malicious prompt could instruct the agent to read sensitive system files or write to arbitrary locations (e.g., `/etc/cron.d/`). Lastly, `SKILL.md` instructs the agent to translate user-provided natural language descriptions into Mermaid code, creating a prompt injection surface where a malicious user could attempt to trick the agent into generating harmful code or commands.
能力评估
Purpose & Capability
The stated purpose (markdown -> PDF slides with Mermaid support) matches the included script's functionality, but the SKILL.md declares no required binaries or env vars while instructing users to run tools that do require them (python3, fpdf2, mermaid-cli/npm). That mismatch is unexpected and reduces transparency.
Instruction Scope
The SKILL.md explicitly instructs executing a remote script via bash <(curl -s https://raw.githubusercontent.com/...), which downloads and executes code at runtime. The document also instructs global installs (npm -g, pip3 install) and saving temporary files. There are no instructions to verify the remote script or pin a commit hash. Apart from that, the instructions limit file access to the provided markdown and optional logo.
Install Mechanism
There is no formal install spec, but the runtime script will auto-install Python packages (pip3 install fpdf2) and relies on mermaid-cli (either installed or run via npx, which pulls from npm). The SKILL.md's curl|bash pattern executes code fetched from GitHub at runtime; while GitHub is a known host, downloading and executing unverified remote code is high risk. The script's auto-installation uses global installs (no --user), which can modify the system environment.
Credentials
The skill does not request environment variables, credentials, or config paths. The script also does not read other system credentials. This is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-on and does not request special platform privileges. However, the script performs package installations (pip3 install, and may invoke npm installs via npx) that can affect the host environment and may require elevated permissions. It does not persistently modify agent configuration or other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install slides-generator - 安装完成后,直接呼叫该 Skill 的名称或使用
/slides-generator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Hummingbot-branded PDF slides from markdown with Mermaid diagram support.
元数据
常见问题
Slides Generator 是什么?
Create Hummingbot-branded PDF slides from markdown with Mermaid diagram support. Use for presentations, decks, and technical documentation with professional... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 436 次。
如何安装 Slides Generator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install slides-generator」即可一键安装,无需额外配置。
Slides Generator 是免费的吗?
是的,Slides Generator 完全免费(开源免费),可自由下载、安装和使用。
Slides Generator 支持哪些平台?
Slides Generator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Slides Generator?
由 Michael Feng(@fengtality)开发并维护,当前版本 v1.0.0。
推荐 Skills