officecli-pitch-deck

Security checks across malware telemetry and agentic risk

Overview

This is mainly a pitch-deck skill, but it tells the agent to automatically download and run an unpinned OfficeCLI installer or updater before making slides.

Review this before installing. The deck-generation guidance itself is ordinary; the automatic OfficeCLI install/update block is the concern. Safer use is to install a reviewed, pinned OfficeCLI version separately and to remove or ignore the automatic curl | bash installer instructions, so the agent never fetches and executes a script on its own.
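The safer pattern described above, as an added example that is not OfficeCLI's installer and not part of the skill: fetch the installer to a file from a release URL you have pinned, compare its SHA-256 against the hash you recorded when you reviewed that release, and only then execute it. PINNED_URL and PINNED_SHA256 are placeholders you fill in yourself.

```shell
# Added example: pinned, checksum-verified install instead of `curl ... | bash`.
# Not OfficeCLI's installer; PINNED_URL and PINNED_SHA256 are placeholders you fill in
# after reviewing the release yourself.
set -eu

# What the skill does, and what to remove: the script runs before anyone can read it.
#   curl -fsSL https://example.invalid/install.sh | bash

# Hex SHA-256 of a file, using whichever tool the host has.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Runs the installer only if its digest equals the pinned value;
# returns 1 (and runs nothing) otherwise.
verified_install() {
  local installer expected actual
  installer="$1"
  expected="$2"
  actual="$(file_sha256 "$installer")"
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $installer: sha256 $actual does not match pinned $expected" >&2
    return 1
  fi
  bash "$installer"
}

# Intended use (placeholders, not real values):
#   PINNED_URL='https://github.com/<org>/<repo>/releases/download/v1.2.3/install.sh'  # a tag, not main
#   PINNED_SHA256='<hash recorded when you reviewed v1.2.3>'
#   curl -fsSL -o /tmp/officecli-install.sh "$PINNED_URL"
#   verified_install /tmp/officecli-install.sh "$PINNED_SHA256"
```

Download-to-file first, then verify, then run: the point is that the bytes that get executed are exactly the bytes you checked, which a pipe into bash cannot guarantee. Run the verified installer as an unprivileged user where the tool allows it.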

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The skill’s stated purpose is generating a single .pptx file, but it instructs the agent to install or upgrade software by downloading and executing remote scripts. That expands the trust boundary from document generation to arbitrary code execution on the host, which is unnecessary for the user-visible task and creates supply-chain risk.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill fetches a shell installer from a remote GitHub URL and immediately executes it with bash. This is classic remote code execution via supply chain: if the URL, upstream repository, network path, or dependency is compromised, arbitrary commands run on the local system under the agent’s privileges.
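A small triage check for the fetch-and-execute and unpinned-reference shapes this finding describes, as an added example that is not SkillSpector's own detection logic. The sample skill text is constructed for the demo, and the regexes cover common shapes rather than every possible variant.

```shell
# Added example: grep-based triage of a skill file for "download and run" instructions.
# Not SkillSpector's own logic; the sample text below is constructed.

# Prints matching lines; exit 0 if any remote fetch-and-execute pattern is present, 1 otherwise.
# Shapes covered: `curl ... | bash`, `wget ... | sudo sh`, `bash <(curl ...)`, `sh -c "$(curl ...)"`.
find_remote_exec() {
  grep -nE \
    -e '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)' \
    -e '(ba|z)?sh[[:space:]]+<\([[:space:]]*(curl|wget)' \
    -e '(ba|z)?sh[[:space:]]+-c[[:space:]]+.?\$\((curl|wget)' \
    "$1"
}

# Prints GitHub URLs that point at a moving target (a branch or "latest") rather than a tag or commit.
find_unpinned_refs() {
  grep -nE \
    -e '(raw\.githubusercontent\.com|github\.com)/[^[:space:]]*/(main|master|HEAD)/' \
    -e 'github\.com/[^[:space:]]*/releases/latest/' \
    "$1"
}

# Demo on a constructed skill file (not the real skill).
demo() {
  f="$(mktemp)"
  cat > "$f" <<'EOF'
# officecli-pitch-deck
Before building slides, make sure OfficeCLI is current:
curl -fsSL https://raw.githubusercontent.com/example/officecli/main/install.sh | bash
Then run: officecli build outline.md -o deck.pptx
EOF
  echo "== remote fetch-and-execute =="
  find_remote_exec "$f" || echo "(none)"
  echo "== unpinned references =="
  find_unpinned_refs "$f" || echo "(none)"
  rm -f "$f"
}

demo
```

A hit from either function is a reason to stop and read the skill before letting an agent load it; a clean result is not proof of safety, since instructions can be phrased in prose rather than as a literal command line.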

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill performs installation and upgrade actions that modify the system without any explicit warning or confirmation to the user that code will be fetched and executed. In an agent setting, silent environment modification is especially dangerous because users requested a presentation, not system administration operations.

VirusTotal

64/64 vendors flagged this skill as clean. An antivirus verdict covers the file's bytes, not the instructions it gives the agent: the fetch-and-execute behavior in the findings above is the risk here, and it looks no different to a file scanner.