Back to skill

Security audit

Ai Ppt Generator 1.1.3

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: it generates slide decks through Baidu AI, but the topic and optional content are sent to Baidu.

Install only if you are comfortable running the included Python scripts, providing a Baidu API key, and sending presentation topics or optional source content to Baidu. Avoid confidential, regulated, or proprietary material unless that use is approved for your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill metadata exposes operational capabilities requiring environment variables, Python execution, and implied network access, but it does not declare permissions or present these capabilities transparently to users. This can cause agents or users to invoke a networked, credential-using skill without informed consent or proper policy gating, especially because it sends prompts to a third-party API.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs users to provide a PPT topic and then generates slides via Baidu AI, but it never warns that the topic/content will be sent to Baidu for remote processing. Users may unintentionally disclose sensitive business, educational, or personal information to a third party, creating a privacy and data-governance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.