Text to PPT

Security checks across malware telemetry and agentic risk

Overview

This skill coherently turns user-provided text, files, notes, or URLs into HTML slide decks, with disclosed but nontrivial privacy considerations around URL fetching, sub-agents, external CDNs, and the default save folder.

Install only if you want an agent to create executable HTML slide decks from your content. Use pasted text or local files for sensitive material, change the default save path if the listed Obsidian vault is not appropriate, and remember that generated decks load third-party CDN resources when opened.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill explicitly allows fetching arbitrary user-provided URLs via `web_fetch`, which expands a local document-to-presentation transformation skill into a network-capable retriever. That increases exposure to server-side request abuse, retrieval of sensitive internal resources, and unreviewed external data ingestion without clear scope limits or user confirmation.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to save output automatically to a hard-coded vault path in the user's filesystem, which exceeds the narrow task of generating a presentation. Writing to a fixed location can cause unintended data placement, overwrite risks, privacy issues, and surprising side effects outside the user's immediate request.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The template imports executable JavaScript and styles from multiple third-party CDNs at render time, which creates a supply-chain and privacy risk: a compromised CDN, dependency update, or hostile network environment could inject code into every generated presentation. In the context of a text-to-presentation skill, this expands behavior beyond local rendering and makes opening the HTML presentation dependent on unpinned external services.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description is broad enough to match many ordinary requests about slides or presentations, increasing the chance of unintended invocation. In context, that matters because the skill also performs file reads, URL fetches, multi-agent generation, and filesystem writes, so accidental activation can lead to side effects beyond simple formatting help.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs saving generated output to a fixed vault path without warning or asking the user first. Silent persistence to local storage is risky because it may disclose sensitive content into synced note repositories, create unwanted files, or overwrite expected workflows without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill permits fetching user-provided URLs but does not warn that this causes external network access. That can surprise users, leak metadata through outbound requests, and enable retrieval from unsafe or internal endpoints if the surrounding platform does not enforce strict network boundaries.

VirusTotal

VirusTotal findings are pending for this skill version.
