ppt-produce-bycodex

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed PPT-generation workflow, but it asks the agent to source a personal shell startup file (`~/.zshrc`) to obtain API credentials, which is broader access than the task requires.

Review this skill before installing if you do not want agents reading or sourcing your shell configuration. Prefer providing `OPENAI_API_KEY` and `OPENAI_BASE_URL` through a scoped runtime environment rather than dotfiles, verify the API endpoint the skill is configured to call, and enable the optional frontend demo/dev-server workflow only when you explicitly need it.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability
Severity: Low; confidence: 86%
Finding: The skill instructs the agent to read `~/.zshrc` to obtain `OPENAI_API_KEY` and `OPENAI_BASE_URL`, which unnecessarily reaches into user shell configuration and may expose secrets unrelated to the task. Pulling credentials from dotfiles broadens access beyond the project workspace, can leak or misuse secrets, and normalizes secret-harvesting behaviour in a content-production skill.

Context-Inappropriate Capability
Severity: Medium; confidence: 94%
Finding: The guide instructs the agent to source `~/.zshrc`, check whether `OPENAI_API_KEY` is set, print `OPENAI_BASE_URL`, and call the configured API endpoint. For a PPT-generation skill, touching shell startup files and probing credential and configuration state exceeds the minimum necessary scope and can expose sensitive environment details or normalize unnecessary secret-adjacent inspection.

Context-Inappropriate Capability
Severity: High; confidence: 97%
Finding: The guide expands from PPT/PNG/PPTX production into building local frontend demos, invoking other design/frontend skills, and potentially starting a dev server. This is a material capability expansion beyond the declared skill purpose, increasing the chance of arbitrary code generation and execution, package installation, local service exposure, and workspace pollution under the guise of presentation work.

Missing User Warnings
Severity: Medium; confidence: 90%
Finding: Reading API-related environment settings from shell configuration without an explicit user-facing warning creates a real secret-handling risk. The danger is heightened here because the skill is for PPT generation, so accessing personal shell configuration is neither an obvious nor a minimally necessary step and may violate least-privilege expectations.

VirusTotal

65/65 vendors flagged this skill as clean.
