Slidev PPT Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Slidev presentation generator, but it can create projects and install npm dependencies as part of setup/export, so users should run it only in intended slide directories.

Install only if you want a Slidev-based workflow. Run it in a dedicated slide project such as ~/slidev-ppt, review before allowing npm installs, and avoid using the export wrapper from unrelated project directories because it may add Slidev/export dependencies there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding:
The skill description says it generates and exports Slidev presentations, but the body also instructs the agent to initialize projects, install dependencies, and add export tooling such as Playwright and themes. That behavior expands from content generation into environment modification and package installation, which can surprise users and cause unintended system or project changes if triggered without explicit consent.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding:
The export wrapper does more than export slides: if Slidev is not present, it automatically initializes a project and may trigger dependency setup in the current working directory. This creates an unexpected side effect boundary for a tool that appears to be a simple exporter, and in an agent context it can modify arbitrary user projects and execute additional scripts or package-manager activity without explicit confirmation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The script automatically runs `npm i -D <name>` when it detects a missing dependency, which causes network-based package installation and lifecycle script execution in the current project. In a security-sensitive agent setting, that is dangerous because exporting a presentation should not implicitly fetch and execute third-party code or alter the user's dependency graph.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The example trigger phrases are very broad ('Make a PPT about ...' / '帮我做一个关于...的 PPT') and can overlap with ordinary user requests for presentations, increasing the chance that the skill is invoked when the user did not explicitly request Slidev or this specific toolchain. Because the skill can initialize environments, start preview servers, and prepare exports, over-broad activation can lead to unnecessary command execution and unintended tool use.

VirusTotal

64/64 vendors flagged this skill as clean.
