Slidev Assist

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for making Slidev presentations, but it asks the agent to automatically install npm packages, modify project files, process arbitrary documents or URLs, and start previews without strong user-control warnings.

Install only if you are comfortable with the agent reading the materials you provide, fetching linked content, modifying the working directory, installing npm dependencies, and starting a local Slidev preview. Use a dedicated project folder, avoid confidential documents or internal URLs unless you trust the environment, and require explicit approval before npm install, npx, export, or --remote preview steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers (Medium; 88% confidence)

The invocation examples are broad enough that ordinary user requests could accidentally activate the skill for substantive actions like file processing, dependency installation, preview startup, and export. In an agent setting, ambiguous triggers can cause unintended execution paths and surprise users with network access or local system changes they did not clearly authorize.

Vague Triggers (Medium; 90% confidence)

The claim '你给什么,我就能做什么' ("whatever you give me, I can work with") implies extremely broad, underspecified capability and encourages over-delegation by users and orchestrators. In a skill environment, this blurs scope boundaries, making it easier for the agent to treat arbitrary content or requests as permission to process sensitive data or invoke tooling.

Missing User Warnings (Medium; 94% confidence)

The README describes a workflow that generates files, runs 'npm install', invokes 'npx slidev', starts a local preview server, and exports artifacts, but it does not warn users that these steps modify the environment and execute external code. This is dangerous because package installation and build tooling can trigger network access and arbitrary install-time scripts, creating real supply-chain and system-change risk.

Missing User Warnings (Medium; 86% confidence)

The README advertises fetching external web/PDF content and processing it into presentations without any privacy, provenance, or network-use warning. This can lead users to submit sensitive URLs or documents without understanding that remote retrieval, parsing, and possible third-party dependency handling may expose confidential information or ingest untrusted content.

Missing User Warnings (Medium; 92% confidence)

The skill states it will automatically install and start Slidev without a prominent upfront warning or explicit opt-in. Automatic command execution and dependency installation can alter the host environment, consume network resources, and expose users to package supply-chain risk if performed implicitly.

Missing User Warnings (Medium; 88% confidence)

The skill encourages users to provide PDFs, Excel files, PPTX files, and web links for parsing, but does not warn how uploaded content and fetched URLs will be handled. Without a privacy and data-handling notice, users may unknowingly expose sensitive documents or internal links to processing beyond their expectations.
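The two findings above (URL fetching without a provenance or network-use warning, and document parsing without a data-handling notice) come down to one missing control: the skill never decides which materials it is allowed to ingest. The following is an added example of that control, written for this page and not taken from the Slidev Assist skill or from SkillSpector. It assumes the agent works from a single dedicated project folder (the project_root argument, a hypothetical value) and applies the page's own advice: local files must resolve inside that folder, and URLs must point at public http(s) hosts rather than loopback, private, link-local or internal names. The suffix lists are constructed and should be extended per environment.

```python
"""Input-scope guard for material handed to a slide-building agent.

Added example; not code from the Slidev Assist skill or from SkillSpector.
It assumes the agent works from one dedicated project folder (passed in as
project_root, a hypothetical value) and enforces the page's recommendation:
local files must sit inside that folder, and URLs must point at public
http(s) hosts, never at loopback, private, link-local or internal names.
"""
from __future__ import annotations

import ipaddress
from pathlib import Path
from urllib.parse import urlsplit

# Document types the skill advertises (PDF, Excel, PPTX) plus plain text; constructed list.
ALLOWED_SUFFIXES = {".pdf", ".xlsx", ".xls", ".csv", ".pptx", ".md", ".txt"}
# Name suffixes commonly reserved for internal services; constructed, extend per environment.
INTERNAL_SUFFIXES = (".local", ".localhost", ".internal", ".corp", ".lan")


def is_internal_host(host: str) -> bool:
    """True for loopback, private, link-local (incl. 169.254.169.254) and internal names."""
    host = host.strip("[]").lower()
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    return host == "localhost" or host.endswith(INTERNAL_SUFFIXES) or "." not in host


def classify_url(url: str) -> tuple[bool, str]:
    """Decide whether the agent may fetch this URL; returns (allowed, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} is not allowed"
    if parts.username or parts.password:
        return False, "URL embeds credentials"
    if not parts.hostname:
        return False, "URL has no host"
    if is_internal_host(parts.hostname):
        return False, f"host {parts.hostname!r} is internal or non-public"
    return True, "public http(s) URL"


def classify_path(raw: str, project_root: str) -> tuple[bool, str]:
    """Decide whether the agent may read this file; returns (allowed, reason).

    Resolution follows '..' and symlinks, so a link inside the project that
    points outside it is rejected too.
    """
    root = Path(project_root).resolve()
    target = (root / raw).resolve()  # an absolute raw path replaces root and is then checked
    if target != root and root not in target.parents:
        return False, f"{raw!r} resolves outside the project folder"
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        return False, f"file type {target.suffix!r} is not an accepted input format"
    return True, "inside project folder, accepted format"


def vet_materials(items: list[str], project_root: str) -> dict[str, list[tuple[str, str]]]:
    """Sort user-supplied materials into what the agent may and may not ingest."""
    result: dict[str, list[tuple[str, str]]] = {"allowed": [], "denied": []}
    for item in items:
        is_url = urlsplit(item).scheme != ""
        ok, reason = classify_url(item) if is_url else classify_path(item, project_root)
        result["allowed" if ok else "denied"].append((item, reason))
    return result


if __name__ == "__main__":
    # Constructed sample request, not captured from the skill.
    sample = [
        "reports/q3.pdf",
        "../../etc/passwd",
        "https://example.com/whitepaper.pdf",
        "http://169.254.169.254/latest/meta-data/",
        "https://wiki.corp/roadmap",
    ]
    for verdict, entries in vet_materials(sample, "/srv/deck").items():
        for item, reason in entries:
            print(f"{verdict:7} {item}: {reason}")
```

The host check deliberately rejects anything that is not a globally routable address, which covers the cloud metadata endpoint and carrier-grade NAT space as well as RFC 1918 ranges; it does not resolve DNS, so a public name that later resolves to an internal address (rebinding) still needs a check at connect time.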

Vague Triggers (Medium; 89% confidence)

The description grants the skill a very broad scope by stating it accepts 'a topic or any raw materials' including reports, data, copy, and PPTX, without defining activation boundaries, trusted input sources, or safety constraints. In an agent setting, this increases the chance the skill is invoked on untrusted or adversarial content, which can lead to prompt injection, unsafe file handling, or inappropriate processing beyond the user's intent.

Missing User Warnings (Medium; 95% confidence)

The script automatically initializes an npm project and installs a package in the target directory without any confirmation, dry-run mode, or prominent warning. In a skill that processes arbitrary user material and may be run in existing workspaces, this can unexpectedly modify files such as package.json and package-lock.json and trigger network-dependent dependency installation, which is risky from a supply-chain and workspace-integrity perspective.
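This finding, together with the earlier ones on the unwarned 'npm install' / 'npx slidev' workflow, is what the overview's recommendation to require explicit approval before install, export and --remote preview steps addresses. The following is an added example of that approval gate, written for this page and not code from the Slidev Assist skill. It assumes the skill's setup step amounts to `npm init` plus installing the Slidev CLI package (@slidev/cli) into a target directory, takes the version to pin from the operator (the versions in the sample run are placeholders), and adds the dry-run mode and workspace check the finding says are missing.

```python
"""Approval-gated, pinned npm install plan for a Slidev project folder.

Added example; not code from the Slidev Assist skill. It assumes the skill's
setup step amounts to `npm init` plus installing the Slidev CLI package
(@slidev/cli) into a target directory, and that the version to pin is chosen
by the operator; the versions used in the sample run are placeholders.
"""
from __future__ import annotations

import os
import re
import subprocess
from dataclasses import dataclass, field

MANIFEST_FILES = ("package.json", "package-lock.json", "pnpm-lock.yaml", "yarn.lock")
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")  # no ranges, tags or 'latest'


@dataclass
class InstallPlan:
    commands: list[list[str]] = field(default_factory=list)
    warnings: list[str] = field(default_factory=list)
    blocked: str | None = None  # set when the plan must not run at all


def assess_workspace(entries: list[str]) -> list[str]:
    """Warn about files an install would create or rewrite, given a directory listing."""
    warnings = []
    present = [name for name in MANIFEST_FILES if name in entries]
    if present:
        warnings.append("existing workspace: install would modify " + ", ".join(present))
    if ".git" in entries:
        warnings.append("directory is a git checkout; dependency changes land in that repository")
    return warnings


def plan_install(project_dir: str, version: str, entries: list[str] | None = None) -> InstallPlan:
    """Build the commands without running anything (the dry run the skill lacks)."""
    plan = InstallPlan()
    if not EXACT_VERSION.match(version):
        plan.blocked = f"refusing unpinned version spec {version!r}; supply an exact x.y.z"
        return plan
    if entries is None:
        entries = os.listdir(project_dir) if os.path.isdir(project_dir) else []
    plan.warnings = assess_workspace(entries)
    if "package.json" not in entries:
        plan.commands.append(["npm", "init", "-y"])
    # --ignore-scripts blocks install-time lifecycle hooks (the classic supply-chain hook);
    # --save-exact writes the pinned version instead of a caret range into package.json.
    plan.commands.append(
        ["npm", "install", "--ignore-scripts", "--save-exact", f"@slidev/cli@{version}"]
    )
    return plan


def preview_command(remote: bool = False, remote_approved: bool = False) -> list[str]:
    """Local preview by default; exposing it on the network needs a separate approval."""
    cmd = ["npx", "slidev"]
    if remote:
        if not remote_approved:
            raise PermissionError("--remote binds the preview to all interfaces; approval required")
        cmd.append("--remote")
    return cmd


def execute(plan: InstallPlan, project_dir: str, approved: bool) -> list[int]:
    """Run the planned commands only after the user has seen and approved them."""
    if plan.blocked:
        raise RuntimeError(plan.blocked)
    if not approved:
        raise PermissionError("install plan not approved; nothing was run")
    return [subprocess.run(cmd, cwd=project_dir, check=False).returncode for cmd in plan.commands]


if __name__ == "__main__":
    # Constructed dry run against an existing checkout; the version is a placeholder.
    plan = plan_install("/srv/app", "0.50.0", entries=["package.json", ".git", "src"])
    for line in plan.warnings:
        print("warning:", line)
    for cmd in plan.commands:
        print("would run:", " ".join(cmd))
    print("preview:", " ".join(preview_command()))
```

Two caveats on the hardening choices: `--ignore-scripts` also skips postinstall steps that a few native dependencies rely on, so review the install output and run any genuinely needed script explicitly rather than re-enabling all of them; and pinning to an exact version only helps if the operator checks that version against the package's advisories before approving the plan.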

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal