AIPPT生成 (AIPPT Generation)

Security checks across malware telemetry and agentic risk

Overview

The skill generates PPTs as advertised, but it sends user/chat metadata and a hidden device-derived identifier to an external PPT service.

Review before installing. Use only if you are comfortable sending PPT topics, generated outlines, reporter names, sender/chat/channel metadata, and a stable host-derived hashed identifier to ai.mingyangtek.com and external OSS download links. A safer version would remove MAC-address use, minimize chat metadata, document third-party retention and access controls, and ask for explicit privacy consent before the first API call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill performs outbound network operations to third-party services but does not declare that capability in its permissions or safety contract. Hidden or undeclared network access weakens reviewability and user trust, and it can enable silent data transmission beyond what users reasonably expect.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The documented behavior extends beyond PPT generation by transmitting user and chat metadata externally, and the finding also indicates that a device-related identifier is generated. This is dangerous because it creates a privacy and tracking surface not clearly aligned with the stated user-facing purpose, enabling fingerprinting or unnecessary identity correlation across sessions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: The documented API requires forwarding conversation identity metadata (user ID, sender name, chat ID, channel) to a third-party PPT service even though those fields are not necessary to generate presentation content. This creates unnecessary data exposure, enables cross-system tracking of users and conversations, and increases privacy/compliance risk if the external service stores or correlates this metadata.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding: The code derives a persistent identifier from the host machine MAC address and combines it with the user sender_id before sending it to an external service. A hardware-derived identifier is unnecessary for PPT generation and increases privacy risk by enabling cross-session and cross-user device correlation, especially when the skill runs on shared infrastructure.

Missing User Warnings

Severity: High
Confidence: 96%
Finding: The workflow instructs sending user identifiers and message-context metadata to an external API without a clear privacy disclosure or consent checkpoint. Because the skill is presentation-generation focused, this data transfer is more dangerous in context: users may not expect sender IDs, chat IDs, and channel metadata to be forwarded to a third party just to create a PPT.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The documentation instructs clients to transmit user-identifying metadata to an external endpoint without any privacy notice, consent flow, or warning about third-party disclosure. In a chat-integrated skill, this makes silent leakage of conversation-linked identifiers more likely and can violate internal privacy expectations or regulatory requirements.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The client sends user identifiers, sender name, chat ID, and channel in HTTP headers to an external API without any visible consent, disclosure, or minimization. This exposes conversation metadata to a third party and can leak organizational or personal information beyond what is needed for PPT generation.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The skill reads the host MAC address to create a derived identifier without any warning or clear operational necessity. Collecting a device identifier is privacy-invasive and particularly risky in agent environments, where the MAC may identify the host or shared worker rather than the actual end user.

Ssd 3

Severity: Medium
Confidence: 93%
Finding: These steps explicitly direct the agent to forward user/context identifiers to an external service as part of normal operation. Even if functional, this creates a privacy and data-governance risk because identifiers tied to a conversation can be collected, retained, or correlated by the external provider.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: The global instruction mandates that all API calls include user identity and chat metadata, making external disclosure systemic rather than incidental. This broad requirement magnifies the risk of persistent user tracking, cross-conversation correlation, and noncompliant handling of personal data across every operation in the skill.

VirusTotal

66/66 vendors reported this skill as clean.