slides-generation-skills

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: it sends presentation content to the 2slides API to generate slides, with no evidence of hidden execution or unrelated data access.

Install only if you are comfortable sending presentation text, document-derived summaries, and reference images to 2slides for processing. Prefer the Python scripts or an environment-variable-based MCP setup over putting an API key in a URL, avoid confidential or regulated content unless approved, and rotate the API key if it is pasted into logs, screenshots, shared configs, or shell history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium (95% confidence)
Finding
The README explicitly encourages users to upload documents and reference images to the 2slides API, but it does not warn that this content leaves the local environment and is transmitted to a third-party service. Users may unknowingly send sensitive internal documents, personal data, or proprietary images to an external vendor, creating confidentiality and compliance risks.

Missing User Warnings

Medium (93% confidence)
Finding
The installation guidance tells users to persist the API key in shell startup files, but it omits basic credential-handling precautions such as limiting file permissions, avoiding commits/history leakage, and preferring secret managers where available. This increases the chance of accidental credential exposure through dotfiles, backups, shared systems, or terminal history.

Vague Triggers

Medium (83% confidence)
Finding
The activation language is broad enough that the skill may trigger on many generic presentation-related requests, increasing the chance it is invoked when the user did not intend to use an external service. That can lead to unnecessary sharing of user content, documents, or images with 2slides. The context makes this more dangerous because invocation may precede a clear privacy warning or consent step.

Missing User Warnings

Medium (96% confidence)
Finding
The setup and workflow instructions tell the agent to send user content and documents to the external 2slides API without a privacy warning, consent gate, or data-handling notice. This creates a real risk of exfiltrating sensitive material such as internal documents, proprietary plans, or personal data to a third party. Because document summarization is a core workflow, the skill context materially increases the severity.

Missing User Warnings

Medium (98% confidence)
Finding
The MCP configuration example places the API key directly in the URL, which is commonly logged in shell history, config files, proxies, telemetry, and server access logs. Exposed credentials can be reused by anyone who obtains those logs or configuration artifacts, enabling unauthorized API access and billing abuse. The danger is heightened because the example is presented as the recommended setup.

Missing User Warnings

Medium (94% confidence)
Finding
The API reference documents endpoints that send userInput and, for the reference-image flow, referenceImageUrl/base64 to 2slides.com, but it does not warn that user-provided content and images are transmitted to a third-party external service. This can lead operators or downstream agents to unknowingly exfiltrate sensitive documents, prompts, screenshots, or proprietary data, especially because the skill is explicitly designed to ingest arbitrary user content for slide generation.

Missing User Warnings

Medium (94% confidence)
Finding
The documentation instructs users to place the API key directly in the MCP server URL query string. Query-string secrets are more likely to be exposed through logs, screenshots, browser/history artifacts, crash reports, config sharing, and intermediary tooling than secrets kept in dedicated secret storage or environment variables. In the context of an AI agent integration guide, this is especially risky because users may copy config verbatim into local files or support channels without realizing the credential exposure risk.

Missing User Warnings

Medium (87% confidence)
Finding
The skill sends user-provided slide content and potentially a reference image URL or base64 image to an external third-party API without any explicit consent prompt or privacy disclosure in the code path. In an agent context, users may provide sensitive business, personal, or regulated data, so silent transmission increases privacy and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.