Security audit

Tmp.LvRAV9oxHk

Security checks across malware telemetry and agentic risk

Overview

This Google Slides skill is mostly purpose-aligned, but it gives an authenticated agent broad presentation-editing power through an under-scoped run escape hatch.

Install only if you trust the npm package and the configured Google account scope. Treat this as a credentialed Slides editor, not just a helper: it can read, export, modify, and delete presentation content, and the generic run tool should be used only with explicit user direction and careful review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The manifest and description scope the skill to auth and Google Slides operations, but the documentation explicitly advertises `gog_slides_run` as an escape hatch for uncovered actions. This creates a capability/scope mismatch that can mislead users, reviewers, or orchestration logic into granting a broader tool than intended, increasing the risk of unauthorized or unexpected operations.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
A generic `gog_slides_run` catch-all bypasses the safety benefits of a tightly scoped skill by enabling actions outside the enumerated Slides workflows. In an agent setting, such escape hatches are dangerous because they can be used to reach unintended functionality, evade policy assumptions, or perform broader operations than a caller expects from a Slides-only skill.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill exposes `gog_slides_delete_slide`, which is a destructive operation, but the description does not warn users or downstream agents about deletion risk. Without clear disclosure, an agent may invoke deletion during editing workflows without adequate confirmation, leading to unintended loss of presentation content.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill handles presentation creation, reading, exporting, and remote server interaction, but the description does not warn that presentation contents may be transmitted to external services or APIs. This omission can cause users to expose sensitive slide data, speaker notes, or embedded content without informed consent.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.