frontendslides

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent presentation-generation tool. Local file creation is expected, PPTX conversion is optional, and it carries privacy and supply-chain considerations users should understand before running it.

Run it in a dedicated project folder, especially for PPTX conversion, because that step extracts slide text, images, and speaker notes into local files. Install the optional Python packages (python-pptx) in a virtual environment, do not convert confidential decks inside synced or public folders, and, if the deck must work offline or must not make third-party font requests, replace the CDN font links with local or system fonts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill clearly instructs writing files to disk, such as saving previews to `.claude-design/slide-previews/` and generating final HTML output, yet no permissions are declared. This creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can persist files, increasing the risk of unintended overwrites or unauthorized artifact creation.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The documented behavior does not fully match the operational instructions: the skill includes PowerPoint extraction workflows, speaker-note handling, asset export, and dependency installation steps that go beyond the stated presentation-generation scope. Behavior mismatches are dangerous because they undermine informed consent and can hide higher-risk operations behind a benign description.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding: The skill directs running shell commands (`python ...`) and installing packages (`pip install python-pptx`), which expands its execution surface beyond simple content generation. Even if the commands appear legitimate, instructing execution and installation without strict scoping, validation, or user confirmation increases the risk of unintended code execution, dependency abuse, and environment modification.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The skill offers browser-based inline editing with auto-save to `localStorage` but does not warn users that their presentation text will persist locally. This can expose sensitive draft content to other users of the same browser profile, create unexpected retention of confidential material, and violate user expectations around ephemeral editing.
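An added example, not code from the frontendslides skill, showing the retention this finding describes and how an editor can make it explicit: drafts go under a fixed key prefix so they can be listed and wiped, and the caller picks the storage (sessionStorage is dropped when the tab closes, localStorage survives restarts). The key prefix, the deck IDs and the in-memory Storage stand-in are assumptions made so the code runs under Node; in a browser the same functions take window.sessionStorage or window.localStorage.

```javascript
// Added example (not the skill's editor code). Auto-save helper whose
// retention is visible and controllable instead of implicit.

const DRAFT_PREFIX = 'frontendslides:draft:'; // assumed key prefix, not the skill's

// Minimal stand-in for the Web Storage API, constructed for this example so the
// code runs where neither localStorage nor sessionStorage exists (Node).
function memoryStorage() {
  const m = new Map();
  return {
    get length() { return m.size; },
    key: (i) => [...m.keys()][i] ?? null,
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
    clear: () => m.clear(),
  };
}

// In a browser: sessionStorage for ephemeral edits, localStorage only when the
// user has opted into persistence. Anywhere else, the in-memory stand-in.
function pickStorage(persist) {
  if (typeof window !== 'undefined') return persist ? window.localStorage : window.sessionStorage;
  return memoryStorage();
}

// Auto-save one deck's draft text under the prefixed key.
function saveDraft(storage, deckId, text) {
  storage.setItem(DRAFT_PREFIX + deckId, JSON.stringify({ text, savedAt: Date.now() }));
}

// Enumerate what the editor has retained: exactly what another user of the
// same browser profile could read back.
function listDrafts(storage) {
  const out = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k && k.startsWith(DRAFT_PREFIX)) {
      const { text, savedAt } = JSON.parse(storage.getItem(k));
      out.push({ deckId: k.slice(DRAFT_PREFIX.length), chars: text.length, savedAt });
    }
  }
  return out;
}

// Wipe all drafts. Keys are collected first: removing while iterating shifts
// the indices returned by key(i) and silently skips entries.
function clearDrafts(storage) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k && k.startsWith(DRAFT_PREFIX)) keys.push(k);
  }
  keys.forEach((k) => storage.removeItem(k));
  return keys.length;
}

// Demo on constructed input: one draft written, then listed and wiped.
const store = pickStorage(false);
saveDraft(store, 'q3-board', 'Confidential draft');
console.log(listDrafts(store));
console.log(clearDrafts(store), 'draft(s) removed');
```

Wire clearDrafts to an explicit "discard drafts" control, or call it on a "close without saving" path, so retention is a user decision rather than a side effect of typing.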

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
<title>Presentation Title</title>

    <!-- Fonts: use Fontshare or Google Fonts — never system fonts -->
    <link rel="stylesheet" href="https://api.fontshare.com/v2/css?f[]=...">

    <style>
        /* ===========================================
Confidence: 92%
Finding: The generated HTML links a stylesheet from https://api.fontshare.com/, so every deck opened in a browser makes a request to that third-party host.
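An added example, not code from the frontendslides skill, for the check and the fix the overview recommends: scan a generated deck for every third-party host it would contact (link/script/img/iframe references and CSS url() / @import), then strip the CDN font links so the deck renders offline. The list of font CDN hosts and the sample deck are constructed for the demo; the sample's font link mirrors the template snippet quoted above, with a made-up family parameter.

```javascript
// Added example (not the skill's code). Audit a generated deck for external
// hosts and remove CDN font links. Plain Node, no dependencies.

// Font CDN hosts assumed for this example; extend for other providers.
const FONT_CDN_HOSTS = new Set([
  'api.fontshare.com', 'cdn.fontshare.com', 'fonts.googleapis.com', 'fonts.gstatic.com',
]);

// href/src on the tags that trigger fetches, and absolute URLs inside CSS.
const ATTR_RE = /<(?:link|script|img|iframe)\b[^>]*?\b(?:href|src)\s*=\s*["']([^"']+)["']/gi;
const CSS_REF_RE = /(?:@import\s+(?:url\(\s*)?|url\(\s*)["']?(https?:\/\/[^"')\s;]+)/gi;
const CSS_IMPORT_RE = /@import\s+(?:url\(\s*)?["']?(https?:\/\/[^"')\s;]+)["']?\s*\)?[^;]*;?/gi;

// Hostname of a reference; protocol-relative "//host/x" counts as https.
function hostOf(ref) {
  try { return new URL(ref.startsWith('//') ? 'https:' + ref : ref, 'https://localhost/').hostname; }
  catch (_) { return null; }
}

// Distinct origins (scheme://host) the deck would contact when opened. Local
// paths and data: URLs are skipped.
function externalOrigins(html) {
  const origins = new Set();
  for (const re of [ATTR_RE, CSS_REF_RE]) {
    re.lastIndex = 0;
    for (let m; (m = re.exec(html)) !== null;) {
      const ref = m[1].startsWith('//') ? 'https:' + m[1] : m[1];
      if (!/^https?:\/\//i.test(ref)) continue;
      try { origins.add(new URL(ref).origin); } catch (_) { /* malformed reference */ }
    }
  }
  return [...origins].sort();
}

// Drop <link> tags and CSS @import rules that point at a font CDN. Everything
// else stays, so a re-run of externalOrigins still reports any other host.
function stripCdnFontLinks(html) {
  const isCdn = (ref) => FONT_CDN_HOSTS.has(hostOf(ref));
  return html
    .replace(/<link\b[^>]*>/gi, (tag) => {
      const m = /\bhref\s*=\s*["']([^"']+)["']/i.exec(tag);
      return m && isCdn(m[1]) ? '' : tag;
    })
    .replace(CSS_IMPORT_RE, (rule, ref) => (isCdn(ref) ? '' : rule));
}

// Constructed sample deck (not output of the skill): the first font link
// mirrors the template snippet in the finding, alongside local assets.
const SAMPLE_DECK = [
  '<!doctype html><html><head><title>Presentation Title</title>',
  '<link rel="stylesheet" href="https://api.fontshare.com/v2/css?f[]=satoshi@400">',
  '<link rel="stylesheet" href="//fonts.googleapis.com/css2?family=Inter">',
  '<link rel="stylesheet" href="./theme.css">',
  '<style>@import url("https://fonts.googleapis.com/css2?family=Inter"); body{background:url(./bg.png)}</style>',
  '</head><body><img src="data:image/png;base64,AAAA"><script src="./deck.js"></script></body></html>',
].join('\n');

console.log('before:', externalOrigins(SAMPLE_DECK));
console.log('after: ', externalOrigins(stripCdnFontLinks(SAMPLE_DECK)));
```

Run the audit a second time after stripping: an empty list is the condition for "works offline and makes no third-party font requests"; anything left is a host the deck still depends on and must be either vendored locally or accepted knowingly.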

VirusTotal

59/59 vendors flagged this skill as clean.
