Slides Generator

Security checks across malware telemetry and agentic risk

Overview

This slide-generation skill has a legitimate purpose, but its normal workflow runs mutable remote shell code and unpinned package-manager code on the user's machine.

Review before installing. Prefer running the bundled local script or a pinned, checksummed copy instead of the documented curl-to-bash command, and use a project directory, virtual environment, or container so automatic pip/npm installs and PDF writes cannot affect sensitive files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability (severity: High, confidence: 99%)

Finding
The skill instructs the agent to execute code directly from a remote URL using `bash <(curl -s ...)`, which is a classic arbitrary code execution pattern. Even if the repository is legitimate, the fetched content can change over time, be tampered with upstream, or be served differently, giving the remote source direct execution on the host.

Context-Inappropriate Capability (severity: Medium, confidence: 89%)

Finding
The skill expands from document generation into global package installation via npm, which changes the system state and increases attack surface. Installing system-wide dependencies for a presentation task is risky because package supply-chain compromise or overly broad install privileges can lead to code execution outside the intended document-conversion scope.

Context-Inappropriate Capability (severity: Medium, confidence: 92%)

Finding
The script automatically installs and executes external dependencies from the network via `pip3 install fpdf2` and may invoke Mermaid CLI via `npx`. In an agent-skill context, this expands a local document-generation task into remote code/package retrieval and execution, which creates supply-chain and unexpected network-execution risk.

Missing User Warnings (severity: Medium, confidence: 97%)

Finding
The documentation normalizes executing a remote script via curl without any warning, review step, or integrity verification. This is dangerous because users or agents may treat it as routine, leading to silent execution of untrusted or modified code with the agent's privileges.

Missing User Warnings (severity: Low, confidence: 78%)

Finding
The workflow writes user-provided content to `/tmp/slides_content.md` without clearly informing the user that local disk artifacts will be created. While lower severity than remote code execution, it can expose sensitive slide content to other local processes, backups, or later reuse if temporary files are not securely handled.

Missing User Warnings (severity: Medium, confidence: 90%)

Finding
The skill states that it may install software automatically if dependencies are missing, but does not warn users that running the skill can modify the system. Automatic installation introduces supply-chain and privilege risks and is especially concerning in an agent context where commands may run non-interactively.

Missing User Warnings (severity: Medium, confidence: 96%)

Finding
The script downloads and executes Python and Node packages without an explicit warning or consent step. In a security-sensitive agent environment, silently reaching out to package registries is risky because it can introduce unreviewed code execution and violate operator expectations about what the skill is allowed to do.

VirusTotal

64/64 vendors flagged this skill as clean.