Presentation Agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Markdown-to-slides converter, but it runs local rendering tools and should be used only with trusted Markdown and assets.

Install/use this only if you are comfortable running local Marp and Mermaid renderers. Convert Markdown and assets you trust, review embedded HTML and local file references in third-party decks, and do not let the graph-generation step execute code supplied by an untrusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill clearly instructs shell execution and file creation (`bash scripts/md2slide.sh`, generating CSS in `/tmp/`, preprocessing Mermaid), yet it declares no permissions or capability boundaries. This is dangerous because downstream orchestration may invoke the skill without appropriate sandboxing or user awareness, increasing the chance of unintended command execution or filesystem writes.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The instruction to generate graphs via `exec` expands the skill from document conversion into arbitrary code execution. If user-controlled data or prompts influence what gets executed, this can lead to command injection, unauthorized local access, or abuse of the host environment well beyond rendering slides.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The script writes attacker-controlled Mermaid content to disk and feeds it to an external CLI renderer, which may parse complex diagram syntax and potentially trigger vulnerabilities in Mermaid CLI or its headless browser stack. In this skill context, users are expected to supply Markdown, so untrusted input reaching a renderer is normal and increases the attack surface substantially.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script processes untrusted Markdown through Python preprocessing and then renders it with Marp using both `--html` and `--allow-local-files`. In a skill explicitly designed to convert user-supplied Markdown, this expands the attack surface: embedded HTML/local file references in Markdown may be rendered into output, potentially exposing local files or creating active content in generated HTML/slides depending on downstream viewer behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
