Seedream Ppt Maker

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but its install check unnecessarily exposes part of the user's Seedream API key and the remote data-sharing boundary is not clearly explained.

Review before installing. Do not run check_install.py in shared terminals, CI logs, or support transcripts unless the API-key printing is removed. Only use this skill with content you are comfortable sending to Volcengine/Seedream, and prefer the interactive confirmation flow over quick generation for sensitive or business material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
97% confidence
Finding
The script reads the Seedream API key from a local config file and prints the first 20 characters to stdout. Even partial credential disclosure is sensitive because terminals, CI logs, shell history captures, screenshots, or shared support logs can expose enough material to aid credential correlation or leakage handling failures.

Vague Triggers

Medium
84% confidence
Finding
The trigger keyword '生成PPT' is overly broad and can match ordinary user requests that may not intend to invoke this specific skill. Overbroad auto-triggering can cause accidental execution of a skill that performs network calls, reads configuration, and writes files, making the context more dangerous than a simple conversational mismatch.

Missing User Warnings

Medium
96% confidence
Finding
This is a true credential-handling weakness: the code loads a secret and immediately exposes part of it in user-visible output without any warning or masking discipline beyond truncation. In installation or troubleshooting contexts, users often paste full console output into tickets or chats, making this skill context more dangerous because it encourages exactly the kind of log sharing that can leak credential material.

VirusTotal

67/67 vendors flagged this skill as clean.
