ClawHub

Slide

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local slide-deck tool that stores presentation content on disk and runs a bundled script, with no evidence of hidden network, credential, or destructive behavior.

Install only if you are comfortable running the bundled Bash/Python helper and saving deck content, including speaker notes, under ~/.slide/data.jsonl. Avoid putting secrets or highly sensitive business content in decks unless you are prepared to protect or delete that local file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documents capabilities that read environment state and read/write local files, but it does not declare corresponding permissions or provide any explicit consent boundary. This creates a transparency and authorization gap: an agent or user may invoke the skill without realizing it can persist data to disk and access local context, which increases the risk of unintended data exposure or modification.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill states that it will automatically create ~/.slide/data.jsonl on first use, but it does not warn the user that invoking the skill modifies the local filesystem. While the behavior appears aligned with the feature set, silent persistence can surprise users, leave residual sensitive presentation content on disk, and violate least astonishment in shared or regulated environments.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill stores presentation data, including slide content and speaker notes, in a persistent file under ~/.slide/data.jsonl without any disclosure, consent mechanism, or retention controls. In this context, notes and slide content can easily contain confidential business data, draft messaging, credentials pasted by mistake, or other sensitive material, so silent persistence increases the risk of unintended local data exposure.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: slide
version: "1.0.0"
description: "Create and manage presentation slides using JSONL storage. Use when building slide decks, applying themes, or exporting to HTML presentations."
author: BytesAgain
homepage: https://bytesagain.com
source: https://github.com/bytesagain/ai-skills
Confidence
84% confidence
Finding
Create and manage presentation slides using JSONL storage. Use when building slide decks, applying themes, or exporting to HTML presentations." author: BytesAgain homepage: https://bytesagain.com sour

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal