Security audit

Slide Maker

Security checks across malware telemetry and agentic risk

Overview

This skill can generate slide content, but it also includes an under-disclosed local text logger that stores and exports user inputs.

Review carefully before installing. Use only with non-sensitive material unless you are comfortable with inputs being saved under ~/.local/share/slide-maker and later searchable or exportable. The artifacts do not show malware, credential theft, network exfiltration, or destructive actions, but the publisher should disclose the logging behavior, narrow the command set, and provide clear cleanup or opt-out controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch (severity: High, confidence: 98%)

Finding: The advertised functionality is slide and presentation generation, but the implemented commands are a generic text logging toolkit. This mismatch is security-relevant because users may provide sensitive draft content under false assumptions about the tool's purpose and data handling, increasing the risk of undisclosed collection and retention.

Description-Behavior Mismatch (severity: Medium, confidence: 99%)

Finding: The script creates a persistent data directory and appends user input to log files, but the skill description does not disclose that it stores content on disk. Undisclosed persistence is dangerous because users may enter confidential presentation material, credentials, or business data believing the tool is ephemeral.

Context-Inappropriate Capability (severity: Medium, confidence: 90%)

Finding: The presence of marketing-oriented commands like hashtags, hooks, CTA, headline, and schedule materially expands the tool's scope beyond a slide deck generator. While not inherently dangerous alone, this unexplained scope creep is suspicious because it indicates the skill does more than users expect and may solicit or retain unrelated sensitive content.

Intent-Code Divergence (severity: Medium, confidence: 96%)

Finding: The branding and help text suggest a slide-making/content tool, but the implementation mainly records arbitrary text entries to files. Misleading representation is dangerous in a skill context because it can induce users to provide content they would not share if they understood that the primary behavior is persistent logging and retrieval.

Missing User Warnings (severity: Medium, confidence: 99%)

Finding: These command handlers write raw user input directly to persistent log files without any clear, upfront warning or consent flow. In a slide-authoring context, users may submit proprietary plans, client names, financials, or other sensitive material that then remains on disk and is accessible through other commands.

Missing User Warnings (severity: Medium, confidence: 97%)

Finding: The export feature aggregates previously logged content into new files in JSON, CSV, or TXT formats without warning that historical sensitive input will be duplicated. This increases exposure by creating additional plaintext copies that may be easier to exfiltrate, sync, or accidentally share.

Vague Triggers (severity: Medium, confidence: 87%)

Finding: The skill description uses broad terms like 'Slides' and 'Use when you need Slides capabilities,' which are vague and could cause the agent to invoke this skill in situations where a more specific tool would be safer or more appropriate. Over-broad activation language increases the chance of unintended execution paths and can widen the attack surface if downstream scripts process untrusted input.

Ssd 3 (severity: Medium, confidence: 99%)

Finding: User-provided content is stored and then exposed through search, recent, status, and export functionality in plaintext. This broadens the attack surface for local disclosure because any sensitive text entered into the tool becomes retrievable through multiple interfaces and may persist indefinitely.

VirusTotal

66/66 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.