GoAI PPT Gen

Security checks across malware telemetry and agentic risk

Overview

This PPT generator mostly matches its stated purpose, but it needs review because it sends user content and local references to GoAI, uses an API key, auto-opens generated files, and has a misleading insufficient-credit fallback.

Install only if you trust GoAI with your prompt, reference images, generated deck links, and API-key-backed account usage. Do not pass confidential files unless you intend to upload them to the provider. Treat the insufficient-credit demo URL as a generic sample, not your generated presentation, and be aware the script may auto-open the downloaded PPTX locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        elif system == "Linux":
            subprocess.run(["xdg-open", path], check=True, capture_output=True)
        elif system == "Windows":
            subprocess.run(["start", "", path], check=True, shell=True, capture_output=True)
    except subprocess.CalledProcessError:
        pass
Confidence
97% confidence
Finding
subprocess.run(["start", "", path], check=True, shell=True, capture_output=True)
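Why the Windows branch is the one worth flagging: `start` is a cmd.exe builtin, so it only works with `shell=True`, and with `shell=True` subprocess flattens the argv list into a single string and hands it to cmd.exe, which means the generated file's path is parsed by the shell rather than passed as an argument. The following is an added example, not the skill's own code: the same auto-open step written so that no shell ever sees the path (`os.startfile` on Windows, plain argv lists elsewhere), with the path checked before use and opening made opt-in. The function names, `ALLOWED_SUFFIXES` and the download directory are assumptions.

```python
"""Added example (not the skill's own code): the auto-open step without a shell.

Hardening compared with subprocess.run(["start", "", path], shell=True, ...):
  - os.startfile on Windows calls ShellExecute directly, so cmd.exe never
    parses the path; macOS/Linux get a plain argv list, no shell;
  - the path must be a .pptx that resolves inside the download directory;
  - nothing is launched unless the caller opted in.
Function names, ALLOWED_SUFFIXES and download_dir are assumptions.
"""
import os
import platform
import subprocess
from pathlib import Path
from typing import List, Optional

ALLOWED_SUFFIXES = {".pptx"}  # assumption: the skill only produces PPTX decks


def validate_download_path(path: str, download_dir: str) -> Path:
    """Return the resolved path if it is a PPTX inside download_dir, else raise."""
    root = Path(download_dir).resolve()
    candidate = Path(path)
    if not candidate.is_absolute():
        candidate = root / candidate
    candidate = candidate.resolve()
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"refusing to open non-PPTX file: {candidate.name!r}")
    try:
        candidate.relative_to(root)  # raises if the path escaped the directory
    except ValueError:
        raise ValueError(f"refusing to open a file outside {root}") from None
    return candidate


def is_safe_download_path(path: str, download_dir: str) -> bool:
    """Boolean form of validate_download_path for callers that want no exception."""
    try:
        validate_download_path(path, download_dir)
    except ValueError:
        return False
    return True


def build_open_command(path: Path, system: str) -> Optional[List[str]]:
    """argv that opens `path` with the desktop handler and no shell.

    Returns None on Windows to signal that os.startfile should be used;
    it goes through ShellExecute, so cmd.exe never sees the path.
    """
    if system == "Darwin":
        return ["open", str(path)]
    if system == "Linux":
        return ["xdg-open", str(path)]
    if system == "Windows":
        return None
    raise RuntimeError(f"no desktop opener known for platform {system!r}")


def open_generated_file(path: str, download_dir: str, auto_open: bool = False) -> bool:
    """Open the generated deck only if the caller opted in. Returns True if launched."""
    if not auto_open:
        return False  # default: report where the file is, do not launch anything
    target = validate_download_path(path, download_dir)
    argv = build_open_command(target, platform.system())
    if argv is None:
        os.startfile(str(target))  # Windows only; the attribute does not exist elsewhere
    else:
        subprocess.run(argv, check=True, capture_output=True)
    return True
```

With `auto_open` defaulting to False the script can print the download location and leave the decision to the user, which also removes the surprise the overview warns about.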

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly exercises sensitive capabilities including environment access, shell execution, filesystem reads/writes, and outbound network access, yet it declares no explicit permissions boundary. That mismatch can prevent users or the hosting platform from making an informed trust decision and increases the chance of over-privileged execution for a networked, file-uploading skill.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill states that local reference images are uploaded and user request content is sent to a third-party service, but it does not present this as a clear user-facing privacy/data-transfer warning. This is dangerous because users may unknowingly provide sensitive local files, proprietary content, or confidential business material to a remote service.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest’s default prompt is highly permissive and directs the agent to forward the user's PPT request "as-is" to an external script/API without meaningful trigger constraints, content boundaries, or exclusions. This broad invocation pattern increases the chance the skill is activated for unsafe or unintended requests, including sensitive data forwarding or generation of inappropriate content, especially because it also instructs the agent to persist until success and disclose resulting artifact locations/URLs.

Session Persistence

Medium
Category
Rogue Agent
Content
This package targets the production PPT service at `https://ppt.mustgoai.com`. Override `GOAI_BASE_URL` only when you intentionally need a different endpoint.

This skill now uses a single cross-platform Python entrypoint through `uv`. Treat `uv` as the only runtime dependency the user needs to install manually. On first run, `uv` may create a local environment, install `httpx`, and download Python if the machine does not already have a usable interpreter. That first-run setup is expected and should not be described as an error.

If the user provides local reference images, the script uploads them first and sends the resulting URLs as `referenceImages`. If the user provides remote URLs, the script passes them through unchanged.
Confidence
74% confidence
Finding
create a local environment, install `httpx`, and download Python if the machine does not already have a usable interpreter. That first-run setup is expected and should not be described as an error. I
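The two behaviours quoted above, the `GOAI_BASE_URL` override and the split between local reference images (uploaded) and remote URLs (passed through), decide where the prompt, the images and the API-key-backed requests go. The block below is an added example, not the skill's own code, of how a client could handle both defensively: accept the override only when it is an https URL with a host and no embedded credentials, classify references without ever reading a `file://` reference off disk, and name every local file and its destination before uploading, which is the user-facing warning the Missing User Warnings finding asks for. The function names, the image suffix list and the sample inputs are assumptions.

```python
"""Added example (not the skill's own code): defensive handling of the
GOAI_BASE_URL override and of local-vs-remote reference images.

Function names, IMAGE_SUFFIXES and any sample values are assumptions.
"""
from pathlib import Path
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

DEFAULT_BASE_URL = "https://ppt.mustgoai.com"  # stated in the skill's notes
IMAGE_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".webp"}  # assumption


def resolve_base_url(env: Dict[str, str]) -> str:
    """Honour GOAI_BASE_URL only if it is an https URL with a host and no
    embedded credentials; anything else raises instead of silently sending
    the user's content and key to an unexpected endpoint."""
    raw = env.get("GOAI_BASE_URL", "").strip()
    if not raw:
        return DEFAULT_BASE_URL
    parts = urlsplit(raw)
    if parts.scheme != "https":
        raise ValueError(f"GOAI_BASE_URL must use https, got {parts.scheme!r}")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("GOAI_BASE_URL must name a host and carry no credentials")
    return raw.rstrip("/")


def override_accepted(raw: str) -> bool:
    """True if resolve_base_url would accept this GOAI_BASE_URL value."""
    try:
        resolve_base_url({"GOAI_BASE_URL": raw})
    except ValueError:
        return False
    return True


def partition_references(refs: List[str]) -> Tuple[List[str], List[Path], List[str]]:
    """Split references into remote URLs (passed through unchanged), local
    image paths (would be uploaded) and rejected entries.

    Only http(s) counts as remote; file:// and other schemes are rejected
    rather than read off disk. A one-letter scheme is a Windows drive letter,
    not a URL, so it is treated as a local path.
    """
    remote: List[str] = []
    local: List[Path] = []
    rejected: List[str] = []
    for ref in refs:
        parts = urlsplit(ref)
        if parts.scheme in ("http", "https"):
            remote.append(ref)
            continue
        if parts.scheme and len(parts.scheme) > 1:
            rejected.append(ref)
            continue
        candidate = Path(ref).expanduser()
        if candidate.suffix.lower() in IMAGE_SUFFIXES:
            local.append(candidate)
        else:
            rejected.append(ref)
    return remote, local, rejected


def confirm_upload(local: List[Path], base_url: str, ask: Callable[[str], bool]) -> bool:
    """Name every file that would leave the machine, and the destination,
    before uploading. `ask` is the user prompt (for example a y/N question)."""
    if not local:
        return True  # nothing leaves the machine, nothing to confirm
    listing = "\n".join(f"  {p}" for p in local)
    return ask(f"Upload {len(local)} local file(s) to {base_url}?\n{listing}\n[y/N] ")
```

Call order in a client would be `resolve_base_url(os.environ)`, then `partition_references(user_refs)`, then `confirm_upload(local, base_url, ask)` before any upload request is made; the upload itself is the skill's existing behaviour and is not reproduced here.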

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal