ClawHub

Powerpoint Pptx Layout Export Helper

Security checks across malware telemetry and agentic risk

Overview

This is a PowerPoint deck helper whose file-handling guidance matches its purpose, with only a minor routing-scope issue in some trigger examples.

Reasonable to install for explicit PowerPoint/PPTX generation, repair, inspection, or export tasks. Invoke it deliberately for deck work, and review any generated or modified presentation copy before replacing an important original file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger sentences are generic and malformed enough that the skill could activate in contexts where the user did not clearly request PowerPoint/PPTX automation. In an agentic environment, overly broad activation increases the chance of unintended workflow execution, misrouting, or applying file-manipulation guidance to the wrong task.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are highly generic and include broad natural-language prompts such as 'Help me' and 'I need a practical workflow', which can cause the skill to activate for unrelated PowerPoint requests without clear user intent. In an automation skill that may generate, repair, or export PPTX content, unintended activation can lead to incorrect tool selection, unexpected file operations, or confusing execution paths.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger examples include very broad natural-language phrases such as 'I need a practical workflow for ...' and 'Help me ...', which can cause the skill to activate on ordinary PowerPoint-related requests even when the user did not intend to invoke this specific skill. In an agentic system, over-broad activation can route unrelated tasks into this skill, creating prompt-selection confusion and increasing the chance of unintended file handling or document-processing actions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger sentences are overly broad and awkwardly phrased, making it more likely that the skill will activate on loosely related user requests rather than explicit PowerPoint/PPTX automation tasks. In an agent setting, overbroad routing can cause unintended invocation, irrelevant file handling, or execution of presentation-modifying workflows on ambiguous prompts, which increases the chance of unsafe or surprising behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal