Html Report Slides

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal HTML slide-template skill, but it tells the agent to keep appending future lessons into the installed skill file without clear user control.

Install only if you are comfortable controlling or removing the instruction that writes new lessons back into SKILL.md. For confidential reports, keep outputs local unless you explicitly approve upload, and consider replacing remote fonts and example external links with local/system alternatives.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: The template fetches Google Fonts and related resources from external domains, which creates outbound network access and breaks the stated 'single-file' expectation. This can leak viewer metadata such as IP address, user agent, and referrer, and it also introduces availability and supply-chain dependence on third-party infrastructure.

Context-Inappropriate Capability

Severity: Low
Confidence: 91%
Finding: The HTML imports a Google Fonts stylesheet, which causes outbound network access when the report is opened. In a skill described as producing a single-file/self-contained presentation, this breaks self-containment, leaks viewer metadata such as IP/User-Agent/referrer to a third party, and can fail in restricted or offline environments.

Context-Inappropriate Capability

Severity: Low
Confidence: 86%
Finding: The template contains a hard-coded external link to a hosted demo domain unrelated to core slide rendering. In a skill that generates report HTML, embedded outbound links can direct users to third-party infrastructure, creating phishing, tracking, or trust-boundary risks if users click content they assume is part of the approved template.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger phrase list includes very generic presentation requests such as creating a report page or slide deck, which can cause the skill to activate for many unrelated user intents. Overbroad activation increases the chance of unintended routing, prompt collisions with other skills, and accidental use in contexts where a generic HTML or presentation generator was not intended.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The trigger section lacks activation boundaries and presents multiple broad phrases without constraints, making the skill easier to invoke unintentionally. In an agent ecosystem, ambiguous triggers can hijack common presentation-related requests and degrade routing safety, especially because the skill is designed for broad business reporting scenarios rather than a tightly scoped niche.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The trigger phrases are broad enough to overlap with ordinary user requests for presentations, reports, and architecture diagrams, so the skill may activate when the user did not explicitly intend to use it. This can cause unintended instruction injection at the routing layer, override a more appropriate skill, or steer output format and behavior without clear consent.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The condition '用我之前那种风格' ("use the style I used before") is ambiguous because it relies on unstated historical context that may not be present, making activation unpredictable. In multi-skill environments, vague references to prior style can cause the wrong skill to claim requests and influence outputs based on assumed memory rather than explicit user choice.

Natural-Language Policy Violations

Severity: Medium
Confidence: 84%
Finding: The description is Chinese-only and frames the skill around Chinese-language usage without indicating language negotiation or user preference handling. This can lead to unwanted language switching or reduced usability for users operating in another language, especially if skill selection or downstream behavior inherits that assumption.

Natural-Language Policy Violations

Severity: Medium
Confidence: 87%
Finding: The workflow explicitly instructs the agent to ask the user questions in Chinese, which can override the language already established in the conversation. While not a code-execution risk, it is a policy and UX vulnerability because it can cause unintended behavior and make the skill intrusive outside its intended language context.

VirusTotal

65/65 vendors flagged this skill as clean.