Security audit

ZM PPT/Deck Formal Production Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a PPT production workflow skill with disclosed local helpers and example content, not an automation tool that secretly accesses accounts or data.

Install only if you want a structured PPT/deck production workflow. Before using the included insurance example patterns, confirm rights to any likeness, voice, screenshots, customer conversations, logos, and upload destinations, and avoid putting sensitive customer or account data into slides unless you have consent and a clear retention/sharing plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The outline explicitly promotes digital-human generation using a real person's likeness and voice and frames AI as participating in customer communication, but it provides no safeguards around informed consent, impersonation disclosure, or lawful handling of biometric/personal data. In an insurance context, this is risky because audiences may operationalize the workflow as-is and deploy cloned identities or AI-mediated communications in customer-facing scenarios without transparency or permission.

Missing User Warnings

Medium
Confidence: 96%
Finding
The Qbot section describes a system operating through a user's QQ account that records conversations, remembers customers, and advances business workflows, yet omits account-security, access-control, disclosure, and personal-data governance requirements. This is more dangerous in insurance because customer chats can contain sensitive personal and financial information, and an agent acting through a human account can blur accountability, enable unauthorized access, and create covert AI interactions.

VirusTotal

64/64 vendors flagged this skill as clean.
