Beamer Pipeline Public

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local Beamer-slide pipeline, with the main caution that it can download image URLs from input Markdown and run configured local agent or LaTeX commands.

Install only if you are comfortable with a local slide-generation pipeline that writes an output workspace, may call your configured OpenClaw agents or LaTeX tools, and downloads Markdown image URLs by default. Use --skip-assets for untrusted documents or when outbound network requests are not acceptable, and use --no-agent or a reviewed --agent-cmd if you do not want the skill invoking local agents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script automatically fetches attacker-controlled remote URLs extracted from Markdown and writes the retrieved content to local disk without any consent, warning, or allowlist. This creates a real SSRF-style/network reach-out and untrusted file ingestion risk in build or agent environments, potentially exposing internal services, leaking network metadata, or storing unexpected content locally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal