ClawHub

Consulting Slide Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent slide-generation helper, with the main caveat that its templates fetch Tailwind and fonts from external CDNs during rendering.

Install is reasonable for ordinary slide generation. For confidential, offline, or highly controlled environments, vendor Tailwind and fonts locally or disable outbound network access during rendering, and only convert HTML you generated or reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Low
Confidence
91% confidence
Finding
The template loads Tailwind CSS and Google Fonts from third-party CDNs at render time, which creates an external network dependency and leaks metadata such as IP address, timing, and user-agent to those providers. In a headless Chrome HTML-to-PNG rendering pipeline, this also weakens build reproducibility and creates supply-chain and availability risk if the remote content changes or becomes unavailable.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The template loads Tailwind CSS and Google Fonts from third-party CDNs at render time, which creates an external network dependency for what is described as a local HTML-to-PNG slide generator. In a headless Chrome rendering pipeline, this can leak metadata such as IP, timing, and usage patterns to external services, and it also introduces supply-chain and availability risk if the remote resources are modified, blocked, or unavailable.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The template fetches Tailwind CSS and Google Fonts from external CDNs at render time, which introduces a supply-chain and network-dependency risk into a workflow described as local HTML-to-PNG generation. If the renderer runs in a privileged or internal environment, remote resources can leak metadata, fail unpredictably, or serve altered content that affects generated output and potentially expands the attack surface of headless Chrome.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The template pulls executable/styling dependencies from third-party CDNs at render time, which creates a supply-chain and network-dependency risk. In an HTML-to-PNG pipeline using headless Chrome, compromised CDN content, unexpected version changes, or permissive network access can alter output or introduce active script execution in the rendering environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal