ppt-creator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent PPT creation helper that uses Yoo AI APIs, with ordinary risks around sharing content with an external service and handling an API key.

Install only if you are comfortable sending PPT topics, document text, outlines, or project summaries to Yoo AI. Prefer setting YOO_AI_API_KEY as an environment variable instead of saving a real key in config.json; if you do save it there, remove or protect the file when done and rotate the key if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill instructs the agent to ask the user for an API key and write it into a local config.json file. That is sensitive credential collection and persistence, which creates a risk of secret leakage to logs, other tools, future sessions, or unintended file exposure, especially because the skill's stated purpose is PPT generation rather than credential management.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill tells the agent to store a user-provided API key locally without a clear warning about credential retention, file exposure, or cross-session access. Even if the user voluntarily provides the key, silent persistence materially increases the chance of accidental disclosure and misuse.

Missing User Warnings

Medium
Confidence: 94%
Finding
The function downloads arbitrary content from a provided URL and writes it directly to a caller-controlled local path with no path validation, destination restrictions, size checks, or confirmation step. In an agent skill context, this can be abused to overwrite sensitive files, place attacker-controlled files in unexpected locations, or exhaust disk space if upstream inputs are influenced by a user or another tool.

VirusTotal

66/66 vendors reported this skill as clean.
