ClawHub

raccoon ppt skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it creates PPT decks through a remote API, but users should avoid sending confidential presentation content unless they trust that service.

Install only if you trust the Raccoon PPT API with your presentation prompts and token. Do not use it for confidential business, investor, internal, or regulated content unless that service is approved for such data, and periodically delete the skill's ./output files if saved prompts or download links should not remain on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to inspect and use a sensitive API token from environment variables, including echo-based checks, without a clear user-facing consent or warning about credential access. Even though it avoids printing the raw token value, the workflow normalizes silent credential use and increases the risk of unauthorized secret handling, accidental disclosure in logs, or operation under credentials the user did not intend to expose to this skill.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs sending user prompts and follow-up content to a remote PPT-generation API, saving task state locally, and returning download links, but it never clearly warns users that their content will leave the local environment. This is dangerous because users may provide confidential business, training, or investor material under the assumption of local-only processing, leading to unintended data exposure to a third-party service.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill enables implicit invocation and pairs it with broad trigger language for general PPT-related requests, which can cause the agent to activate and initiate external actions without clear user confirmation. In this context, the skill can create long-running external jobs and send user-provided content to a third-party PPT service, so overbroad auto-invocation increases the risk of unintended data disclosure or unwanted task execution.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The instructions direct the agent to run a local Python command that triggers external PPT generation, but provide no requirement to disclose this tool execution or obtain informed user consent. This is risky because it hides operational behavior from the user and may transmit sensitive prompt content to external services or consume local/system resources without transparent notice.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The reference documents sending user-supplied prompt content and metadata (role, scene, audience) to an external PPT generation API, but it does not require any user-facing notice, consent, or minimization guidance before transmission. Because prompts may contain sensitive business, personal, or confidential material, silently forwarding them to a remote service creates a real privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill persistently stores user prompts, questions, download URLs, and error details in local state and registry files under `./output` without any consent flow, minimization, or permission hardening. In an agent environment, prompts may contain sensitive business, personal, or confidential material, so local plaintext retention increases the risk of unintended disclosure to other users, processes, backups, or logs on the same system.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal