Mck Ppt Design Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PowerPoint-generation skill, but it can automatically send generated decks back through an OpenClaw chat channel when that CLI is available.

Install only if you are comfortable with the skill creating local PPTX files and, when OpenClaw channel delivery is available, posting the generated deck back to the active chat or workspace. For confidential board, finance, strategy, or personnel decks, disable or remove the delivery helper and pin dependencies before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (17)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
caption = f'✅ PPT generated — {slide_count} slides, {size_kb:.0f} KB'

    try:
        result = subprocess.run(
            ['openclaw', 'message', 'send',
             '--media', outpath,
             '--message', caption],
Confidence
89% confidence
Finding
result = subprocess.run( ['openclaw', 'message', 'send', '--media', outpath, '--message', caption], capture_output=True, text=True, timeout=30

subprocess module call

Medium
Category
Dangerous Code Execution
Content
caption = f'✅ PPT generated — {slide_count} slides, {size_kb:.0f} KB'

    try:
        result = subprocess.run(
            ['openclaw', 'message', 'send',
             '--media', outpath,
             '--message', caption],
Confidence
93% confidence
Finding
result = subprocess.run( ['openclaw', 'message', 'send', '--media', outpath, '--message', caption], capture_output=True, text=True, timeout=30

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The changelog documents a feature that sends generated PPTX files to external messaging channels, which materially expands the skill from local presentation generation into exfiltration or outbound data transfer. Even if intended as convenience for users, adding automatic channel delivery introduces a data-flow capability that can leak sensitive slide content, metadata, or files to external destinations if misused or triggered without clear user consent.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The use of an external CLI to send files to chat or messaging channels introduces an unnecessary external execution and transfer primitive for a PPT design skill. This broadens the attack surface beyond document creation, enabling unintended disclosure of generated presentations and creating risk if the CLI invocation, destination selection, or environment is manipulated.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The README advertises automatic delivery of generated PPTX files to external channels such as Feishu, Telegram, Slack, Discord, and WhatsApp, which extends the skill beyond local slide generation into networked data transmission. That creates a real security boundary change because sensitive presentation content could be sent to third-party services without the narrow scope implied by the skill metadata or an explicit trust/privacy warning.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The version history documents a `deliver_to_channel()` capability, confirming that external delivery is an implemented feature rather than incidental wording. This is dangerous because hidden or under-declared exfiltration-capable features in an agent skill can surprise users and downstream systems, especially when presentations may contain confidential business information.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill instructs automatic sending of generated PPTX files back through external chat channels, which expands data flow beyond local file creation. In a document-generation skill, this creates an additional exfiltration surface because user-provided presentation content may be transmitted to third-party messaging systems without a separate trust decision.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The subprocess-based OpenClaw invocation introduces external command execution into a skill whose stated purpose is slide design. Even though the subprocess arguments are list-based, it still creates an unnecessary execution primitive and broadens the attack surface if filenames, environment, or CLI behavior are manipulated by surrounding systems.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The example code automatically attempts to deliver the generated presentation to an external chat/channel, which is outside the stated scope of a PPT-generation skill. This creates an unnecessary exfiltration vector for generated content and metadata, especially in agent environments where examples may be reused as operational code.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Calling an external messaging CLI is a capability escalation relative to the skill's stated purpose of creating presentations. Even though the command arguments are hardcoded, invoking external tooling can leak files to a channel, trigger unintended actions in the host environment, and complicate trust boundaries for a content-generation skill.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The file is presented as a minimal PPT-generation example, but it also attempts to send the output through an external messaging pipeline. This mismatch between stated purpose and actual behavior is security-relevant because users and agents may execute the script expecting only local document creation, resulting in unintended exfiltration or external actions.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
A presentation-design skill does not inherently require subprocess-based message delivery, so adding this capability expands the attack surface without clear justification. In an agent or sandboxed environment, such functionality can be abused to move files outside the expected workflow or trigger unauthorized external interactions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README promotes automatic sending of generated PPTX files to multiple external messaging platforms but does not pair that claim with a clear warning about privacy, retention, or third-party data handling. In the context of a presentation-generation skill, users may reasonably include internal strategy, board, or quarterly review content, making silent or poorly disclosed transmission materially risky.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes creating files and sending them through messaging channels without a clear user-facing warning or explicit consent step. This can surprise users and lead to unintended disclosure of sensitive business content contained in generated presentations.

Ssd 3

Medium
Confidence
96% confidence
Finding
Automatic transmission of generated files to chat channels can disclose confidential slide content, embedded business data, and user-supplied material to external messaging surfaces by default. In the context of a presentation skill, this is more dangerous because decks often contain strategy, financial, personnel, or board-level information.

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-pptx>=0.6.21
lxml>=4.9.0
Confidence
92% confidence
Finding
python-pptx>=0.6.21

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-pptx>=0.6.21
lxml>=4.9.0
Confidence
97% confidence
Finding
lxml>=4.9.0

VirusTotal

66/66 vendors flagged this skill as clean.
