officecli-pptx

Security checks across malware telemetry and agentic risk

Overview

This PPTX helper is mostly about presentation work, but it needs review because it tells agents to download and run unverified installer and updater scripts before use.

Review this skill before installing. Prefer installing officecli yourself from a trusted, pinned source and do not let the skill run its automatic curl/bash or PowerShell updater. Use local image files unless you intentionally approve remote URL fetching, and edit copies of important presentations when using raw XML operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High (99% confidence)
Finding
The skill is presented as a local PPTX handling utility, but it instructs the agent to fetch and execute remote installer scripts before use. That materially expands its capabilities from local document processing to arbitrary remote code execution, violating least privilege and creating supply-chain risk.

Context-Inappropriate Capability

High (99% confidence)
Finding
The skill includes unjustified network access and curl-to-shell execution for install/update behavior that is not necessary to describe PPTX operations themselves. Fetching release metadata and executing downloaded scripts allows a compromised upstream source, MITM, or repo takeover to run arbitrary code in the agent environment.

Context-Inappropriate Capability

Medium (92% confidence)
Finding
The guide explicitly supports `--prop path=https://example.com/logo.png`, which causes the tool to retrieve remote content during deck creation. In an agent setting, this can leak network metadata, enable unintended outbound requests/SSRF-style access depending on the fetcher, and violate expectations that a PPTX editing skill operates only on local user-provided files.

Missing User Warnings

High (98% confidence)
Finding
The skill directs the agent to run downloaded shell and PowerShell installer scripts without any warning, provenance validation, or user confirmation. This is dangerous because curl-to-shell is a classic arbitrary code execution pattern and normalizes execution of untrusted remote content.

Missing User Warnings

Medium (95% confidence)
Finding
The markdown demonstrates remote image fetching without any warning that using an HTTPS URL will trigger outbound network access and transmit request metadata to third parties. In agent workflows, such examples normalize unsafe behavior and can be abused to exfiltrate environment-dependent network information or fetch attacker-controlled content into generated files.

Missing User Warnings

Medium (95% confidence)
Finding
The raw XML section exposes high-risk `raw-set` operations that can directly alter or remove low-level PresentationML structures without an explicit warning about corruption, unrecoverable damage, or broken relationships. In this skill context, users are encouraged to modify production PPTX files, so presenting XML mutation as a normal fallback increases the chance of accidental destructive edits or generation of malformed files.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
