QoderWork PPT (Jack)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PowerPoint-generation skill with normal file output, npm/Puppeteer tooling, and optional external image sourcing. There is no evidence of hidden or malicious behavior.

Install only if you trust the publisher and are comfortable running npm/Puppeteer tooling. Use local images or non-sensitive presentation topics when possible, because image search or generation can contact external services. Run it from the intended project directory, since it creates files under output/ and clears output/filled during generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (147)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The file states that the pipeline auto-names the generated PPTX with a timestamp to avoid overwriting previous runs, but later instructs the agent to tell the user the PPT was generated at the fixed path `output/presentation.pptx`. These two statements describe different actual outcomes and could mislead users or downstream automation about where the file will be.

Intent-Code Divergence

Low
Confidence
96% confidence
Finding
The documentation states at L079 that the output file is auto-named with a timestamp to avoid overwriting previous runs, but L093 instructs the agent to tell the user the PPT was generated at `output/presentation.pptx`. These statements are directly inconsistent about the actual output location and could mislead users or downstream automation.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest describes a skill that matches templates and outputs an editable .pptx file. These rules additionally require calling `generate_image` or `web_search` to obtain images, which introduces content acquisition from external or generative sources rather than just template selection and slide assembly.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The documented purpose is to generate QoderWork-style presentations by matching among 14 templates and producing a .pptx. Allowing `web_search` for network images adds an external retrieval capability that is not clearly necessary from the manifest wording, which frames the skill as a template-based generator rather than a network-enabled media sourcing tool.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The file header and comments describe a local process that fills HTML templates from slides.json and outputs files under output/filled. However, urlToDataUrl performs network fetches for any http(s) image source, adding external network access that is not disclosed in the file's stated intent and is not necessary when the advertised capability is generating editable presentations from templates.

Intent-Code Divergence

Low
Confidence
98% confidence
Finding
The inline comment says lucide:<icon-name> support pulls SVGs from unpkg, implying network retrieval. In reality, the code calls lucideSvgToDataUrl, which reads only from the local lucide-static icons directory and returns null if the file is absent, so the documentation actively misstates the behavior.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill description says it matches templates by topic and outputs an editable .pptx file, which suggests a presentation-layout/generation function. This manifest also instructs the agent to actively generate images or search the web for photos, which is an additional content-acquisition capability not disclosed in the manifest description.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest description frames the skill as selecting among 14 templates and producing a PowerPoint file. The template hint here requires generating or searching for a full-bleed background image, which is a broader behavior than the declared scope.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
A presentation generator can reasonably format user content into slides, but instructing the agent to perform web searches for relevant photos introduces external information retrieval. That capability is not explicitly justified by the manifest's stated purpose of matching templates and producing a .pptx.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
This hint mandates generating or searching for background imagery, which goes beyond simply assembling a presentation from templates. External asset retrieval is a distinct capability that should be explicitly justified in the manifest if intended.

Missing User Warnings

Low
Confidence
88% confidence
Finding
This markdown file states that the skill will automatically generate or search for contextual images, which implies external service use or network access. The description does not include any warning about privacy, data transmission, or external requests, even though such behavior could affect user data or system/network integrity.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This markdown skill instructs the agent to call `generate_image` or `web_search` to obtain images, which may transmit the user's topic or slide content to external services. The file does not provide any user-facing warning about privacy, external network use, or possible sharing of request contents when doing so.

Natural-Language Policy Violations

Low
Confidence
93% confidence
Finding
The HTML root element explicitly sets `lang="zh-CN"`, which forces a specific language/locale in the skill output. Under the policy criteria, locale constraints should either be optional for the user or clearly justified as region-specific; this file provides no such opt-in or justification.

Natural-Language Policy Violations

Low
Confidence
95% confidence
Finding
The document declares `lang="zh-CN"` at the top level, which fixes the content locale to Simplified Chinese. Under the policy rule, forcing a specific language or locale without user opt-in or clear region-specific justification is a natural-language policy concern.

Natural-Language Policy Violations

Low
Confidence
95% confidence
Finding
The document declares `lang="zh-CN"`, which fixes the content locale to Simplified Chinese. Under the policy rule, locale constraints should either be optional for the user or clearly documented as region-specific; this file provides neither.

Natural-Language Policy Violations

Low
Confidence
93% confidence
Finding
The root HTML element declares the document as `zh-CN`, and the visible slide content is entirely in Chinese. For this file type, the applicable policy concern is natural-language policy violations, and there is no indication that the user can opt into another language or that the locale restriction is explicitly justified.

Natural-Language Policy Violations

Low
Confidence
90% confidence
Finding
The document declares `lang="zh-CN"`, which imposes a specific language/locale in the file without offering user opt-in or indicating that the skill is intentionally region-specific. Under the policy criteria, forcing a locale can be a natural-language policy issue when no choice or justification is provided.

Natural-Language Policy Violations

Low
Confidence
91% confidence
Finding
The document declares `lang="zh-CN"`, which enforces a specific language/locale choice in natural-language metadata. Under the policy, locale-specific behavior should be user-selectable or clearly justified as region-specific, and no such opt-in or justification appears here.

Natural-Language Policy Violations

Low
Confidence
91% confidence
Finding
This HTML document declares `lang="zh-CN"` and all visible content is presented in Chinese, which can constitute a language/locale policy issue when no user opt-in or alternative locale handling is provided. The file does not indicate that the locale is optional, user-selected, or justified as a region-specific artifact.

Natural-Language Policy Violations

Low
Confidence
95% confidence
Finding
The document declares `lang="zh-CN"`, which hard-codes a specific language/locale. Under the policy, locale restrictions should either offer user opt-in/choice or be clearly documented as justified for a region-specific use case, and this file provides neither.

Natural-Language Policy Violations

Low
Confidence
88% confidence
Finding
The HTML document declares `lang="zh-CN"`, which enforces a specific language/locale in the file. Under the policy criteria, a fixed locale should either be user-selectable or clearly justified as region-specific; neither is indicated here.

Natural-Language Policy Violations

Low
Confidence
97% confidence
Finding
The document declares `lang="zh-CN"`, which hard-codes a specific language/locale. Under the policy rule, locale forcing is a finding unless the file offers user opt-in or clearly documents why the locale restriction is required; neither is present here.

Natural-Language Policy Violations

Low
Confidence
90% confidence
Finding
The root HTML element declares `lang="zh-CN"`, which sets a fixed language/locale for the document. Under the policy rules, forcing a specific language without user opt-in or a documented region-specific justification is a natural-language policy concern.

Natural-Language Policy Violations

Low
Confidence
93% confidence
Finding
The document declares `lang="zh-CN"`, which hard-codes a specific language/locale for the skill output. Under the policy, locale constraints should either be user-selectable or clearly documented as justified; this file provides neither.

VirusTotal

66/66 vendors flagged this skill as clean.
