PPT Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PPT-generation workflow that discloses web search, model routing, and file outputs, with no evidence of hidden or destructive behavior.

Install only if you are comfortable with a presentation workflow that may use web search, multiple model providers, and local generated files. Avoid confidential research, private business material, or regulated data unless those data flows and saved outputs are acceptable, and review generated facts and citations before presenting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list includes very common phrases such as “做个 PPT”, “制作 PPT”, and “presentation”, which are broad enough to match ordinary user requests outside a clearly bounded skill invocation context. This can cause unintended activation of the workflow, leading the agent to perform multi-step actions like web search, file generation, and model routing when the user may only be making a casual request.

Vague Triggers

Medium
Confidence: 86%
Finding
The installation guide states that the skill can be activated with a single natural-language sentence, but it does not define clear invocation boundaries or confirmation requirements. In a skill that chains content search, drafting, slide creation, and export, ambiguous activation increases the chance of accidental execution of expensive or sensitive actions without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence: 88%
Finding
The example trigger phrase uses broad natural language ('帮我做一个 PPT,主题是...') that can cause the skill to activate on ordinary conversation rather than an intentional, scoped invocation. In a skill that performs multi-stage web search and generates deliverable files, accidental activation can lead to unintended external queries, unnecessary file creation, and execution of a substantial workflow without clear user confirmation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The description highlights automation benefits but omits clear warnings that the skill may conduct web-based literature searches and automatically generate/export files for delivery. Users may not realize their prompts will trigger external data retrieval or artifact creation, which creates consent, privacy, and operational risk—especially if sensitive topics, unpublished research, or local workspace outputs are involved.

Vague Triggers

Medium
Confidence: 89%
Finding
The invocation phrase '帮我做一个 PPT,主题是:[你的主题]' is very broad and maps to a common, natural-language request, which increases the chance of accidental or overly eager activation. In this skill's context, accidental invocation can trigger a multi-stage workflow involving web search, content generation, and file production, causing unintended external data access and output generation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README advertises automated content search and generation of multiple output files, but it does not warn users that prompts or topic data may be sent to external services or that files will be created as side effects. In a workflow that performs web search and produces deliverables like PPTX, PDF, notes, figures, and bibliographic files, the lack of privacy and side-effect disclosure can lead to unintentional data exposure and unexpected file creation.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrase '只需一句话/帮我做一个 PPT,主题是…' is broad and closely matches ordinary conversational requests, which increases the chance the skill activates unintentionally in normal user interactions. Because this skill can initiate multi-step web research, content generation, and file creation/export, accidental invocation could expose user data to external services and produce unwanted artifacts without explicit consent.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill describes automatic literature search and processing by named external models, but it does not warn users that prompts, topics, source material, or potentially sensitive research content may be sent to network services outside the local environment. This creates a transparency and privacy risk because users may reasonably assume the workflow is self-contained when it actually involves third-party processing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow promises automatic creation of PPTX, PDF, notes, figures, references, and delivery packages, but it does not clearly warn that files will be written/exported to the workspace. In practice, this can cause unintended persistence of sensitive content, overwrite existing materials, or create sharable outputs that users did not intend to generate.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger keywords are broad enough to match ordinary presentation-help requests, which can cause the skill to activate in situations where the user did not clearly consent to a full automated PPT workflow. Because this skill can perform multi-stage content search and generate deliverables, overbroad invocation increases the chance of unintended external queries, file generation, and misuse of user-provided content.

Missing User Warnings

Medium
Confidence: 92%
Finding
The manifest advertises automated content search, citation management, and output package generation, but does not warn users that their prompts or attached materials may be sent to external tools or that files will be created and packaged. In a productivity skill handling academic content, this omission can lead to privacy, confidentiality, and consent issues, especially if unpublished research, internal data, or copyrighted materials are included.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list contains broad, common phrases such as '做个 PPT' and '制作 PPT', which can cause the skill to activate in situations where the user did not intend to invoke this specific workflow. In an agent environment, unintended activation can lead to unexpected web searches, file generation, and downstream actions without sufficiently explicit user confirmation.

Missing User Warnings

Medium
Confidence: 86%
Finding
The manifest specifies creation and export of PPTX, PDF, notes, figures, and a delivery package, but it does not indicate any user-facing notice or approval step before generating or writing files. This is risky because the agent may create, overwrite, or package artifacts on behalf of the user without clear disclosure of what will be produced and where it will be stored.

Missing User Warnings

Medium
Confidence: 89%
Finding
The workflow includes web-based literature search, data extraction, chart collection, and citation generation, but there is no warning that user-provided topics or materials may be transmitted to external services. This creates a privacy and data-governance risk, especially for unpublished research topics, confidential presentation content, or sensitive academic material.

VirusTotal

65/65 vendors flagged this skill as clean.
