ppt-generator-smb

Security checks across malware telemetry and agentic risk

Overview

This presentation-generation skill mostly matches its stated purpose, but it can automatically install an unpinned Python package and perform web/search/server actions without clear user-facing boundaries.

Install only if you are comfortable with a skill that may create files, run local commands, search the web, and preview decks locally. Prefer installing its Python dependencies yourself from a pinned requirements file, and avoid giving it confidential business plans unless you explicitly approve web searches and local previews.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return True
    except ImportError:
        import subprocess
        subprocess.check_call(['pip', 'install', 'python-pptx', '-q'])
        return True

def create_pptx(title, subtitle, slides_data, output):
Confidence
95% confidence
Finding
subprocess.check_call(['pip', 'install', 'python-pptx', '-q'])

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs use of shell commands, file generation, and local serving, but it declares no permissions or user-facing capability boundaries. This creates a transparency and policy gap: users and the runtime may not realize the skill can write files and execute commands, increasing the chance of unintended code execution, filesystem modification, or unsafe operational behavior.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill includes self-installing behavior unrelated to its core document-generation logic, causing code execution through the package manager and outbound dependency retrieval during normal use. In an agent skill context, this is more dangerous because execution may happen automatically in a privileged or unattended environment, making supply-chain or environment-manipulation risks more realistic.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The top-level description is broad enough to trigger on many generic business or presentation-related requests, which can cause the skill to activate outside its intended scope. Over-broad activation increases the chance that user content is routed into workflows involving web search, file generation, or shell-backed tooling without clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger keyword list is ambiguous and lacks scope constraints, so common terms like market analysis, product introduction, or SWOT may activate the skill even when the user only wants text analysis rather than a generated presentation. In this skill, mistaken activation is more dangerous because later steps include external web searches and local file/server operations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs use of web_search for market data and competitor information but does not warn users that their query content may be sent to external services. If users include confidential product plans, internal strategy, or sensitive business context, that information could be exposed beyond the local environment.

Missing User Warnings

Low
Confidence
86% confidence
Finding
Starting a local HTTP server for preview without a user-facing warning creates unnecessary exposure and may surprise users who do not expect network-accessible content, even on localhost or a bound interface. Generated slides can contain sensitive business material, and an exposed preview endpoint may be reachable by other local processes or, depending on binding and environment, other hosts.

VirusTotal

47/47 vendors flagged this skill as clean.
