Ai Ppt Generate.Skip2

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Baidu-powered presentation generator, but it sends presentation inputs and linked resources to Baidu using a BAIDU_API_KEY.

Install only if you are comfortable providing a Baidu API key and sending presentation topics, outlines, and any linked documents or templates to Baidu. Verify the publisher if you expected an official Baidu package, and do not use confidential materials without approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill clearly requires an API key in the environment and invokes external Baidu APIs, but it does not declare corresponding permissions. Missing permission metadata can mislead operators and downstream policy engines about the skill's actual access to secrets and network egress, reducing transparency and control.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill sends user queries and optionally resource file URLs to Baidu APIs, yet the documentation provides no explicit warning that user data will be transmitted to a third party. This creates a privacy and data-governance risk, especially if prompts or referenced files contain sensitive, proprietary, or regulated information.

VirusTotal

67/67 vendors flagged this skill as clean.
