ClawHub

html-ppt-to-pdf

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local HTML-slide-to-PDF converter, with expected browser/network caveats but no artifact-backed malicious behavior.

Install only if you are comfortable running a Playwright-based converter on your local HTML. For sensitive decks, prefer local fonts/assets, avoid untrusted proxies, and do not render HTML from untrusted sources unless you sandbox it or block network access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script allows the browser to use a caller-supplied proxy or ambient HTTP(S)_PROXY environment variables while rendering attacker-controlled HTML. Because Playwright will load subresources referenced by the HTML, this expands a nominally local file-to-PDF conversion into outbound network access and can leak request metadata or fetch remote content unexpectedly. In this skill context, that is more dangerous because the tool is marketed for local deck conversion, so users may not expect any network egress.

Context-Inappropriate Capability

Medium
Confidence
76% confidence
Finding
The route handler transparently serves files from ~/.myagents/skills/html-ppt/ when the input HTML references a matching file:// path. This broadens the renderer's file access beyond the supplied deck and can expose local skill-install assets or other unintended files under that tree to untrusted HTML during rendering. In context, automatic cross-workspace file remapping is riskier because it violates the expected boundary of converting only the provided deck and its adjacent assets.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal