Back to skill

Security audit

slides-generation-skills

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate presentations through the 2slides service as advertised, but users should treat slide content and API keys carefully.

Install only if you are comfortable sending presentation prompts, document-derived summaries, and reference images to 2slides for processing. Avoid confidential, regulated, or proprietary material unless you have approval. Prefer the environment-variable Python workflow over putting API keys in URLs, do not commit or share config files containing keys, and rotate the key if it appears in logs, screenshots, shell history, or shared configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly relies on environment-stored secrets and external network access, yet no explicit permissions or safety declaration is provided. This weakens reviewability and informed consent because the skill can transmit user content and use API credentials without transparent capability scoping.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Embedding the API key directly in an MCP server URL query string risks credential leakage through logs, browser history, proxy logs, process listings, configuration exports, and screenshots. For a presentation-generation integration, this is unnecessary exposure of a sensitive secret and can lead to unauthorized use of the 2slides account.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README encourages users to upload documents and provide reference-image URLs, but it does not explicitly disclose that the contents of those files and URLs will be transmitted to the external 2slides service for processing. This can lead users to unknowingly send sensitive internal documents, proprietary data, or private image URLs to a third party, creating a real data exposure and privacy risk.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger language is broad enough to activate on many ordinary requests about slides or presentations without clearly signaling that an external third-party service will be used. Overbroad invocation can cause unintended data transfer of user prompts, document contents, or URLs to the 2slides API.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs users to generate slides from text, documents, and image URLs but does not warn that this data will be sent to an external 2slides service. This omission undermines informed consent and increases the risk of accidental disclosure of confidential documents, sensitive business content, or private URLs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs users to place the API key directly in a Claude Desktop config file and, in HTTP mode, embed it in a URL query parameter. That creates credential exposure risk because query strings may be logged by clients, proxies, browser/history systems, crash reports, or diagnostics, and plaintext config files are easy to leak via backups, screenshots, or repository commits. In an agent integration context, this is more dangerous because the credential enables direct tool/API use and may be broadly reusable if copied from local configuration.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script transmits user-provided presentation content to an external third-party API without any explicit user-facing disclosure or consent mechanism in the tool itself. In an agent/skill context, users may reasonably assume local processing, so this can cause unintended disclosure of sensitive business, personal, or regulated data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.