Ppt Generator

Security checks across malware telemetry and agentic risk

Overview

This PPT generator does create presentations, but it can publish generated decks into a public file-hosting path with weak disclosure and unsafe rendering choices.

Review before installing. Use only with non-sensitive presentations unless you change the output to a private local path, configure your own trusted hosting, require explicit confirmation before publishing, and escape user-provided text before browser rendering.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill’s declared purpose omits materially relevant behaviors: generated files are published through a file-hosting service with public download URLs, and the workflow also depends on external network resources and local state persistence. In a presentation generator, users may provide sensitive business or personal content, so silently exposing outputs via public hosting creates a real confidentiality risk and undermines informed consent.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The example trigger phrase, "Make me a PPT about AI," is extremely broad and overlaps with normal conversation, increasing the chance the skill activates in situations where the user did not intend public generation or upload behavior. Because this skill can create files and publish them via download links, accidental invocation has more security significance than a harmless read-only skill.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description and feature list emphasize convenience but do not warn that final presentations are uploaded to a file-hosting service and exposed through a downloadable link. For a tool likely used with internal plans, customer data, or other confidential material, lack of upfront disclosure can lead to unintentional data exposure.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The usage trigger phrase "说'帮我做个XX的PPT'即可自动生成" ("Say 'Help me make a PPT about XX' to generate it automatically") is broad and maps to very common natural language, which can cause accidental or ambiguous invocation. In a skill that can generate files and also perform network/file-hosting actions, unclear activation increases the chance of unintended execution and downstream data exposure.

Missing User Warnings

High
Confidence
97% confidence
Finding
The manifest advertises '一键下载:自动上传到文件托管服务' ("One-click download: automatically uploads to a file-hosting service"), which implies outbound transfer of generated content to a hosting service without an explicit user warning or consent mechanism in the metadata. Because presentations may contain sensitive business, educational, or personal data, silent upload creates a real confidentiality and data-governance risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The feature '联网配色搜索:用户反馈后自动更新' ("Online color-scheme search: automatically updates after user feedback") indicates network activity and automatic updates, but the manifest does not clearly warn users about outbound requests or what information may be sent. Even if limited to color/theme lookup, network features expand the attack surface and can leak prompts, preferences, or document context if implemented loosely.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script writes the generated PPTX into a public file-serving directory and prints a public download URL without any access control, consent check, or warning. If presentation content contains sensitive business, personal, or proprietary information, this behavior can cause unintended public disclosure immediately upon generation.

VirusTotal

66/66 vendors flagged this skill as clean.
