Back to skill

Security audit

Image To PPT Pro

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform image-to-PPT conversion, but its OCR helper can automatically install system and Python packages during normal use.

Install only if you are comfortable with a local image-to-PPT workflow that may change the machine by installing OCR dependencies. Prefer running it in a container or isolated environment, preinstall and pin dependencies yourself, and avoid processing confidential screenshots unless you know where outputs and previews will be stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return pytesseract
    except Exception:
        print("Installing tesseract-ocr...")
        subprocess.run(["apt-get","install","-y","-q",
                        "tesseract-ocr","tesseract-ocr-chi-sim"], check=True)
        subprocess.run([sys.executable,"-m","pip","install","pytesseract",
                        "--break-system-packages","-q"], check=True)
Confidence
94% confidence
Finding
subprocess.run(["apt-get","install","-y","-q", "tesseract-ocr","tesseract-ocr-chi-sim"], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print("Installing tesseract-ocr...")
        subprocess.run(["apt-get","install","-y","-q",
                        "tesseract-ocr","tesseract-ocr-chi-sim"], check=True)
        subprocess.run([sys.executable,"-m","pip","install","pytesseract",
                        "--break-system-packages","-q"], check=True)
        import pytesseract
        return pytesseract
Confidence
95% confidence
Finding
subprocess.run([sys.executable,"-m","pip","install","pytesseract", "--break-system-packages","-q"], check=True)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
This utility combines OCR processing with automatic installation of both system and Python packages, causing significant hidden side effects beyond its stated purpose. In an agent/skill context, that is more dangerous because invoking the skill can alter the host, require elevated privileges, and introduce unreviewed software into the environment without explicit operator consent.

Vague Triggers

High
Confidence
89% confidence
Finding
The trigger rules are extremely broad and instruct immediate activation for generic image uploads and PPTX conversion requests, even when the user does not request identical reconstruction. That creates unintended tool invocation risk, increasing the chance the skill runs shell commands, OCR, file conversion, and output generation on inputs outside its intended scope or without sufficient user confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.