deep-research-ppt-pro

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its research-to-PPT purpose, but it can run privileged system package installation during normal execution, so users should review it before installing.

Install only after reviewing the scripts and preferably run it in a container or disposable environment. Do not allow the script to perform automatic sudo apt-get installation on a sensitive machine; install OCR dependencies yourself if needed. Use scoped, revocable ZeeLin and Gemini API keys, keep .env out of version control, and avoid confidential topics unless sharing them with those providers is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
    pass

    log("  [OCR] 正在安装 Tesseract...")
    os.system("sudo apt-get update -qq && sudo apt-get install -y -qq tesseract-ocr tesseract-ocr-chi-sim")
    return True

def clean_text_for_comparison(text):
Confidence
98% confidence
Finding
os.system("sudo apt-get update -qq && sudo apt-get install -y -qq tesseract-ocr tesseract-ocr-chi-sim")

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to run privileged installation commands using sudo and apt-get, which expands impact from user-space document generation into system-level modification. If followed in a sensitive environment, this could alter the host, install unexpected packages, or be abused as a foothold for broader compromise far beyond the skill's stated purpose.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
A PPT/image assembly skill should not modify the operating system by installing packages during execution, especially with sudo. This behavior is more dangerous in this context because users expect document generation, not host reconfiguration, and may run the skill on shared or production machines.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README explicitly instructs users to place API keys in a local .env file but does not warn against committing that file, sharing it, or exposing it in generated artifacts and logs. In a skill that automates report/PPT generation and likely interacts with multiple scripts and APIs, missing secret-handling guidance increases the chance of credential leakage through source control, packaging, screenshots, or debugging output.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill mandates Chinese output ('每页必须有 100-150 字的完整中文句子', i.e. "each page must contain 100-150 characters of complete Chinese sentences") without providing a user-language choice or documenting a necessary locale restriction. This can override user preference, reduce accessibility, and cause incorrect or unusable output for non-Chinese users, though it is not a direct code-execution or data-exfiltration risk.

VirusTotal

66/66 vendors flagged this skill as clean.
