Deckly Redesign

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it asks for Deckly passwords and email codes in chat, uploads decks to Deckly, and can spend paid credits.

Install only if you are comfortable sending presentation contents to Deckly and using a credit-based service. Do not paste an existing account password or email verification code into chat; prefer a manually created API key or a throwaway account, and confirm costs before running full redesign, continue, or one-shot commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers

Medium (83% confidence)
The README suggests a very broad natural-language trigger such as 'Redesign this presentation to look more professional,' which can cause the skill to be invoked in situations the user may not specifically intend. In this skill's context, unintended invocation is more concerning because it can lead to presentation files being processed by an external service, creating privacy, consent, and cost risks rather than just harmless over-triggering.

Missing User Warnings

Medium (95% confidence)
The README describes analyzing, restyling, and downloading decks via the Deckly API but does not clearly warn that uploaded .pptx or .pdf contents are sent to a third-party external service. In this context, decks often contain sensitive business, educational, or client information, so omission of this disclosure can cause users to share confidential material without informed consent.

Vague Triggers

Medium (83% confidence)
The trigger text includes broad phrases like making slides look better, which can cause unintended invocation in ordinary conversation. In this skill, accidental invocation is more dangerous because the workflow can upload files, contact external services, and lead to credential collection or paid actions.

Natural-Language Policy Violations

High (99% confidence)
The skill explicitly instructs the agent to ask for an email and password in chat, creating a natural-language collection path for sensitive credentials. Collecting passwords conversationally exposes users to interception, retention, misuse, and phishing-like abuse, especially because the same flow then uses those secrets to create or access an account.

Missing User Warnings

Medium (90% confidence)
The documentation explicitly describes credit-charging operations such as full-tier charges and paid continuation after a preview, but it does not instruct the skill to obtain explicit user confirmation immediately before incurring charges. In an agent skill context, that omission is risky because an autonomous workflow could trigger billable actions or irreversible account effects without clear, informed consent from the user.

Missing User Warnings

Medium (86% confidence)
The upload routine sends an arbitrary local presentation file to a remote third-party service, but the CLI provides no explicit confirmation or warning at the point of action that local content is leaving the host. In an agent/skill context, users may assume local-only processing, so this can cause unintended disclosure of confidential slide content, embedded notes, images, or metadata.

Missing User Warnings

Low (73% confidence)
The download command writes server-provided content directly to a local path selected by the caller, with no warning about file creation or overwrite behavior. While this is normal CLI behavior, in an agent setting it can unexpectedly create or replace local files and may mislead users about where remote content is being stored.

Missing User Warnings

Medium (91% confidence)
The oneshot workflow combines several consequential actions—uploading a local deck to a remote service, potentially consuming paid credits via continue, and writing a local output file—without a consolidated user-facing warning or confirmation boundary. In an automated skill context, this increases the chance of unintended data disclosure, unapproved spending, and unexpected filesystem writes in a single command.

Ssd 3

High (99% confidence)
The workflow asks the agent to collect both a password and a 6-digit email verification code in conversation. This is dangerous because it trains users to hand over authentication factors in natural language and gives the agent direct access to credentials that can be replayed or mishandled.

Ssd 3

High (99% confidence)
The skill tells the agent to request the user's existing account password and use it directly for login. That is a classic credential-handling anti-pattern that increases phishing risk, expands secret exposure to logs/transcripts, and gives the agent unnecessary access to reusable credentials.

VirusTotal

63/63 vendors flagged this skill as clean.
