Slides

Security checks across malware telemetry and agentic risk

Overview

This presentation skill is coherent and safe to install with normal caution around saved local slide memory, optional tool installs, and Google Slides credentials.

Before installing, expect the skill to create and update ~/slides/ with presentation preferences, templates, and project notes. Do not store secrets there, review any npm/npx installs before running them, and use a dedicated least-privilege Google credential only when you intentionally want Google Slides automation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 90% confidence
Finding: This markdown file describes creating and storing data in `~/slides/`, including learned styles and project context. Although the behavior is documented, it does not clearly warn the user that the skill will create and update persistent local files that may contain user preferences and project information.

Missing User Warnings

Low

Confidence: 81% confidence
Finding: This markdown file includes code that loads a service account credential file and connects to the Google Slides API, which transmits presentation data to an external service. The surrounding documentation does not warn readers about handling credentials or that content will be sent to Google, so the example lacks basic disclosure for a privacy-relevant operation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal