Translate Chinese PPT to English

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PowerPoint translation skill, but users should choose the LLM endpoint carefully because presentation text can be sent to that endpoint.

Install only if you are comfortable with the selected LLM endpoint receiving the Chinese text from slides, tables, grouped shapes, and notes. For confidential presentations, use a local or organization-approved endpoint, avoid untrusted custom API bases, use a revocable API key, and install dependencies in a virtual environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The reference explicitly documents that slide text is sent to OpenAI-compatible APIs, but the skill metadata/description does not clearly disclose this external data transfer. For a document-processing skill, this creates a meaningful privacy and trust issue because users may supply sensitive presentation content without realizing it will leave the local environment.

Context-Inappropriate Capability

Medium (87% confidence)
Finding
The documented design allows arbitrary OpenAI-compatible endpoints, which gives the skill broad network exfiltration capability beyond what the brief manifest wording suggests. Even if intended for flexibility, allowing user or operator configured remote endpoints increases the risk of sensitive document contents being sent to untrusted or misconfigured services.

Description-Behavior Mismatch

Medium (90% confidence)
Finding
The tool extracts and translates slide notes in addition to visible slide content, but the skill description only promises translating the presentation while preserving non-text content and does not disclose notes handling. Notes often contain speaker guidance, internal comments, or confidential material, so silently including them expands the data scope and can leak sensitive information to the translation backend.

Context-Inappropriate Capability

Medium (96% confidence)
Finding
The script allows users to direct presentation contents to any OpenAI-compatible endpoint, including cloud services, even though the skill framing suggests a straightforward PPT translation utility rather than a data-export feature. Because presentation text can include proprietary or sensitive business information, arbitrary remote transmission materially increases confidentiality risk.

Vague Triggers

Medium (81% confidence)
Finding
The trigger phrases include broad terms like 'translate slides' and 'presentation translation', which can cause the skill to activate for generic translation requests beyond Chinese PPTX files. Unintended invocation can route users into a workflow that installs packages, accesses files, and potentially sends presentation data to an LLM endpoint they did not mean to use.

Missing User Warnings

Medium (94% confidence)
Finding
The skill says it uses an OpenAI-compatible endpoint for translation but does not prominently warn users that slide text and possibly notes will be transmitted to an external or local LLM service. For business presentations, this may expose confidential content, internal strategy, customer data, or regulated information without informed consent.

Missing User Warnings

Medium (95% confidence)
Finding
The markdown describes extracting presentation text and transmitting it to external LLM APIs, but it does not pair this with a clear privacy warning or user consent requirement. Since PPT files often contain confidential business material, silent transmission materially increases the risk of unintended data disclosure.

Missing User Warnings

Medium (97% confidence)
Finding
The code sends extracted presentation text to an external LLM API without any explicit consent flow or privacy warning, and that scope includes notes based on earlier extraction logic. In a business-presentation context, this can expose confidential slide content, comments, or internal strategy material to third-party services unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.
