PPT 视觉复刻 (PPT Visual Replication)

Security checks across malware telemetry and agentic risk

Overview

This is a PPT screenshot-to-PPTX helper that discloses its main risk up front: slide images may be sent to a configured vision-language model (VLM) service.

Install only if you are comfortable sending slide screenshots to the configured VLM provider. Do not run it on confidential or unauthorized decks, install its dependencies from trusted sources, and keep input and output paths confined to the project folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The trigger conditions are broad and include generic requests like analyzing PPT structure or converting infographic screenshots, without clear exclusions for sensitive, copyrighted, or non-PPT image content. In this skill, overbroad routing is more dangerous because the workflow explicitly enables filesystem writes and external network transmission of uploaded images to a VLM endpoint, so mistaken invocation can cause unintended data disclosure or inappropriate handling of non-target content.
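The overview's mitigation (keep paths inside the project folder) and this finding (an overbroad trigger combined with filesystem writes and external image upload) describe the same control surface. The guard below is an added example, not code from the skill or from SkillSpector; it assumes a single project root, a single configured VLM endpoint and a user-approved host allow-list, and it refuses to read or transmit anything until the user has explicitly consented, so a mistaken invocation fails closed.

```python
"""Policy guard for a screenshot-to-PPTX helper: confine file paths to the
project folder and gate external VLM uploads behind explicit consent.

Added example, not code from the skill. Assumptions: one project root, one
configured VLM endpoint, and an allow-list of hosts the user has approved.
"""
import tempfile
from pathlib import Path
from urllib.parse import urlparse

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"


class PolicyViolation(Exception):
    """Raised when a request would leave the project folder or upload without consent."""


def confine_path(user_path, root):
    """Resolve user_path under root and refuse anything that escapes it.

    Both sides are resolved (collapsing '..' and symlinks) before the
    containment check, so 'out/../../etc/passwd' and absolute paths are
    both rejected rather than silently written or read.
    """
    root = Path(root).resolve()
    candidate = Path(user_path)
    if not candidate.is_absolute():
        candidate = root / candidate
    candidate = candidate.resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PolicyViolation(f"path escapes project folder: {user_path}") from None
    return candidate


def check_vlm_endpoint(url, allowed_hosts):
    """Only HTTPS to a host the user has explicitly approved."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise PolicyViolation(f"VLM endpoint must use https: {url}")
    if parsed.hostname not in allowed_hosts:
        raise PolicyViolation(f"VLM host not allow-listed: {parsed.hostname}")
    return parsed.hostname


def looks_like_image(data):
    """Cheap magic-byte check: the skill should only ever ship PNG/JPEG screenshots."""
    return data.startswith(PNG_MAGIC) or data.startswith(JPEG_MAGIC)


def prepare_upload(image_path, vlm_url, consent, root, allowed_hosts):
    """Return (resolved_path, bytes) only when every policy check passes.

    Consent is checked first so that a mistaken invocation (the overbroad
    trigger in the finding) cannot even read the file before the user agrees.
    """
    if not consent:
        raise PolicyViolation("user has not confirmed external upload of slide images")
    path = confine_path(image_path, root)
    check_vlm_endpoint(vlm_url, allowed_hosts)
    data = path.read_bytes()
    if not looks_like_image(data):
        raise PolicyViolation(f"refusing to upload non-image content: {path.name}")
    return path, data


def run_demo():
    """Exercise the guard on a constructed project folder; returns a result map."""
    root = Path(tempfile.mkdtemp(prefix="ppt_project_"))
    (root / "slides").mkdir()
    (root / "slides" / "slide1.png").write_bytes(PNG_MAGIC + b"\x00" * 16)  # constructed
    (root / "slides" / "notes.txt").write_bytes(b"internal roadmap")          # constructed
    hosts = {"vlm.example.internal"}                # assumed allow-list
    url = "https://vlm.example.internal/v1/vision"  # assumed endpoint

    results = {}

    def attempt(name, **kw):
        try:
            prepare_upload(root=root, allowed_hosts=hosts, **kw)
            results[name] = "allowed"
        except PolicyViolation as e:
            results[name] = str(e).split(":")[0]

    attempt("good", image_path="slides/slide1.png", vlm_url=url, consent=True)
    attempt("no_consent", image_path="slides/slide1.png", vlm_url=url, consent=False)
    attempt("traversal", image_path="slides/../../etc/passwd", vlm_url=url, consent=True)
    attempt("absolute", image_path="/etc/hostname", vlm_url=url, consent=True)
    attempt("wrong_host", image_path="slides/slide1.png",
            vlm_url="https://collector.example.com/upload", consent=True)
    attempt("plain_http", image_path="slides/slide1.png",
            vlm_url="http://vlm.example.internal/v1/vision", consent=True)
    attempt("not_image", image_path="slides/notes.txt", vlm_url=url, consent=True)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:12s} {outcome}")
```

The order of checks matters: consent is evaluated before any filesystem access, the path is confined before the endpoint is inspected, and the bytes are only read after the destination is known to be approved. Put the same guard in front of the PPTX write path so output files are confined by the same `confine_path` call.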

Natural-Language Policy Violations

Severity: Medium
Confidence: 83%
Finding:
The skill is documented entirely in Chinese and does not specify language negotiation or response-language behavior, which can cause the agent to invoke it in contexts where the user cannot understand warnings, privacy disclosures, or confirmation prompts. Here that matters because the skill includes sensitive operational caveats about external image upload and file generation; if those notices are not surfaced in the user's language, consent and safe use may be undermined.

VirusTotal

63/63 vendors flagged this skill as clean.
