Marp Cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only helper for Marp CLI with some risky copy-paste examples, but no hidden execution, persistence, exfiltration, or deceptive behavior.

Install only if you trust the marp command on your PATH. Use server mode only for directories you intend to share, avoid HOST=0.0.0.0 on shared or untrusted networks, and enable local file access or raw HTML only for trusted slide decks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The examples document introduces a server mode that serves Markdown presentations over HTTP, which materially expands the skill's operational scope beyond simple local file conversion. In an agent setting, network-serving behavior that the skill's description does not declare can expose local content or create an unexpected listening service that users and orchestrators did not anticipate.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The example `HOST=0.0.0.0 PORT=8080 marp -s ./slides` binds the presentation server to all interfaces, making the served directory reachable from other machines on the network. In a skill described as a converter, this is a risky capability that the description does not declare, and it could expose sensitive slide content or local files to unintended parties.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
Serving presentation directories over HTTP is a context-inappropriate capability for a skill framed as a document conversion tool, because it changes the trust model from local processing to network service. In agent workflows this can create unintended data exposure or policy violations if automation assumes the tool is non-networking.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The server examples show externally reachable URLs and binding behavior without warning that content may become accessible to other users on the host or network. Omitting access-implication guidance increases the chance of accidental exposure, especially when users copy-paste examples into shared or cloud environments.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The `--allow-local-files` examples enable access to local file resources during rendering but give no warning about the privacy and security implications. When the option is used on untrusted Markdown or HTML, references embedded in the deck can cause sensitive local files to be read, rendered into the output, or otherwise exposed during conversion.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The configuration example enables both local file access and HTML rendering globally, which weakens important safety defaults. If users process untrusted Markdown, these settings can allow inclusion of local files and active HTML content, increasing the risk of sensitive file exposure, script/content injection, and unsafe rendering behavior.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding
The skill documents the `--allow-local-files` option only as a terse 'security note' without explaining that enabling it can allow slide content to read/embed arbitrary local files during rendering, especially when converting untrusted Markdown. In this skill's context, users are encouraged to process Markdown and run preview/server/browser-based conversions, so omitting the risk can lead to unsafe use with untrusted inputs.
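The Overview's guidance (bind server mode only to networks you intend to share with, enable local file access and raw HTML only for trusted decks) and the findings above reduce to a small set of checks on the command line and on the config file. The following is an added example written for this report; it is not code from the scanned skill, from SkillSpector or from Marp CLI. It audits a Marp CLI invocation before an agent or script runs it and rewrites it into the recommended form. Assumptions: the flag names (`-s`/`--server`, `--allow-local-files`, `--html`) and the `HOST` variable are taken from the findings; the `allowLocalFiles` and `html` config keys are assumed to be the `.marprc.yml` equivalents of the two rendering flags; the YAML is read with a minimal top-level "key: value" scan so the example runs without PyYAML; the sample config texts are constructed.

```python
"""Pre-flight audit for a Marp CLI invocation (added example, not the skill's
or Marp CLI's code). Flags the settings the findings call out: server mode, a
listener bound to all interfaces, --allow-local-files and --html on the command
line, and the assumed allowLocalFiles / html keys in a .marprc.yml."""
import shlex

RISKY_FLAGS = {
    "-s": "server mode serves the whole directory over HTTP",
    "--server": "server mode serves the whole directory over HTTP",
    "--allow-local-files": "the deck may embed arbitrary local files during rendering",
    "--html": "raw HTML in the Markdown is rendered, so untrusted decks can inject active content",
}
# Assumed .marprc.yml equivalents of the two rendering flags.
RISKY_CONFIG_KEYS = {
    "allowLocalFiles": RISKY_FLAGS["--allow-local-files"],
    "html": RISKY_FLAGS["--html"],
}
# Bind addresses that make the server reachable from other machines.
ALL_INTERFACES = {"0.0.0.0", "::", ""}


def split_env_and_argv(cmdline):
    """'HOST=0.0.0.0 PORT=8080 marp -s ./slides' -> ({'HOST': '0.0.0.0', 'PORT': '8080'}, ['marp', '-s', './slides'])."""
    tokens = shlex.split(cmdline)
    env = {}
    while tokens and "=" in tokens[0] and not tokens[0].startswith("-"):
        key, value = tokens.pop(0).split("=", 1)
        env[key] = value
    return env, tokens


def enabled_flags(argv):
    """Names of option tokens, ignoring an explicit '=false' (e.g. --html=false)."""
    flags = set()
    for tok in argv:
        if tok.startswith("-"):
            name, _, value = tok.partition("=")
            if value.lower() != "false":
                flags.add(name)
    return flags


def audit_command(cmdline):
    """Return one human-readable finding per risky setting on the command line."""
    env, argv = split_env_and_argv(cmdline)
    flags = enabled_flags(argv)
    findings = [f"{f}: {RISKY_FLAGS[f]}" for f in sorted(flags & set(RISKY_FLAGS))]
    if flags & {"-s", "--server"}:
        host = env.get("HOST")
        if host is None:
            findings.append("HOST not set: verify the server's default bind address is loopback before sharing")
        elif host in ALL_INTERFACES:
            findings.append(f"HOST={host}: server bound to all interfaces, reachable from the network")
    return findings


def audit_config(yaml_text):
    """Flag top-level allowLocalFiles / html set to true in a .marprc.yml."""
    findings = []
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line or line[0].isspace() or ":" not in line:
            continue  # blank, comment-only or nested line
        key, value = (part.strip() for part in line.split(":", 1))
        if key in RISKY_CONFIG_KEYS and value.lower() == "true":
            findings.append(f"{key}: true: {RISKY_CONFIG_KEYS[key]}")
    return findings


def harden_command(cmdline, trusted_deck=False):
    """Apply the Overview's advice: bind server mode to loopback, and keep
    --allow-local-files / --html only when the deck is trusted."""
    env, argv = split_env_and_argv(cmdline)
    if enabled_flags(argv) & {"-s", "--server"} and env.get("HOST", "") in ALL_INTERFACES:
        env["HOST"] = "127.0.0.1"
    if not trusted_deck:
        argv = [tok for tok in argv if tok.partition("=")[0] not in ("--allow-local-files", "--html")]
    parts = [f"{k}={shlex.quote(v)}" for k, v in env.items()] + [shlex.quote(t) for t in argv]
    return " ".join(parts)


# Constructed samples: the global config the findings describe, and a hardened counterpart.
WEAK_MARPRC = "allowLocalFiles: true\nhtml: true\ntheme: default\n"
HARDENED_MARPRC = "allowLocalFiles: false\nhtml: false\ntheme: default\n"

if __name__ == "__main__":
    for cmd in ("HOST=0.0.0.0 PORT=8080 marp -s ./slides", "marp --allow-local-files --html deck.md"):
        print(cmd, "->", audit_command(cmd), "| hardened:", harden_command(cmd))
    print("weak config:", audit_config(WEAK_MARPRC))
    print("hardened config:", audit_config(HARDENED_MARPRC))
```

Run the file directly to see the two commands from the findings audited and rewritten. The hardened form keeps the per-deck opt-in the Overview recommends: pass `trusted_deck=True` for a deck you authored and the rendering flags are preserved; leave the default and they are dropped, with server mode pinned to 127.0.0.1.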

VirusTotal

65/65 vendors flagged this skill as clean.
