AI Slide Creation Workflow

Security checks across malware telemetry and agentic risk

Overview

This slide-making skill is mostly legitimate, but it asks the agent to bypass permissions and can send or publicly share presentation files through hard-coded external accounts.

Review before installing. Remove the permission-bypass flag, replace hard-coded Google credentials and folder IDs with your own private configuration, keep outputs local by default, stop the temporary server after export, and only upload or publicly share decks after explicit confirmation that the content can be exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability
Severity: Medium
Confidence: 94%
Finding: The skill includes Google Drive upload plus `share ... --to anyone --role reader`, which creates a public link to generated artifacts. For a slide-creation workflow, broad public sharing is not necessary by default and can expose confidential client content, branding, or embedded sensitive data to unintended parties.

Context-Inappropriate Capability
Severity: High
Confidence: 98%
Finding: The workflow invokes Claude Code with `--dangerously-skip-permissions`, disabling an important safety boundary and allowing the downstream tool to act with excessive privileges. Because the prompt body contains user-provided materials and the tool can generate or execute project actions, this raises the risk of unintended file access, command execution, or data exfiltration beyond what slide generation requires.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The workflow includes Telegram delivery and optional Google Drive upload without clear, user-facing warnings that materials may be transmitted to third-party services. In a slide workflow, files may contain client names, internal strategy, screenshots, or proprietary visuals, so silent or assumed disclosure meaningfully increases confidentiality risk.

Ssd 3
Severity: Medium
Confidence: 91%
Finding: The skill explicitly instructs users to send outlines, design prompts, character images, and client/context details to external AI services. This normalizes disclosure of potentially sensitive business information to third parties without clear minimization or consent safeguards, which is risky in a client-deliverable workflow where materials may be confidential.

Ssd 3
Severity: Medium
Confidence: 93%
Finding: Sending generated deliverables to Telegram and optionally uploading them to Google Drive extends the exposure surface for user work product. In this context, the workflow handles presentation files that may contain confidential client strategy, branding, or personal data, so routine external transmission without strict controls is more dangerous than in a purely public-content workflow.

VirusTotal

65/65 vendors flagged this skill as clean.
