ClawHub

Awesome Deck Pdf

Security checks across malware telemetry and agentic risk

Overview

This is a coherent slide-deck and PDF-export skill, with expected browser and file use for that purpose but some normal caution needed around external resources and untrusted HTML.

Install this if you want an agent to generate HTML slide decks and export PDFs. Run it in a dedicated project folder, review any npm/pip installs, prefer screenshots over private or login-only URLs, and only export HTML you trust because browser rendering may load external resources referenced by the file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill advertises many broad trigger phrases such as generic requests to 'make slides', 'build a deck', and multilingual equivalents, which can cause the skill to activate for common presentation-related queries even when the user did not intend to use this specific workflow. Over-broad invocation increases the chance of unintended execution paths, unnecessary file/URL processing, and user confusion, especially because the skill can act on uploaded files and website URLs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script opens a local HTML file in a full browser context and waits for network idle, so any remote scripts, images, fonts, or trackers referenced by that HTML may be fetched automatically. In a skill/agent setting, this can leak usage metadata, trigger unintended outbound requests, and execute untrusted page JavaScript during rendering.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal