PPT Translator

Security checks across malware telemetry and agentic risk

Overview

This skill appears aligned with translating user-provided PowerPoint files, with some documentation overstatement but no evidence of hidden or harmful behavior.

Install only if you are comfortable letting the agent process presentation text and rendered slide images through your configured translation/Vision workflow. Treat the layout-preservation guarantee as dependent on the calling agent actually performing verification and retries, not solely on this script.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill invokes shell-capable tooling (`python3 scripts/translate.py`, plus installation/use of LibreOffice) but does not declare permissions accordingly. This creates a transparency and control gap: a host agent may execute local commands or access local files without the expected permission gating, increasing risk when handling user-supplied PPTX paths and external tool invocation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal