aippt

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates PPTs through a third-party AIPPT service, but users should avoid sending sensitive content and protect their access token.

Install only if you are comfortable sharing generated presentation content with the jcppt/AIPPT service. Do not use confidential, regulated, or proprietary documents unless that provider is approved for the data, and keep AIPPT_ACCESS_TOKEN out of prompts, source control, logs, and screenshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill requires an access token and instructs running Python scripts that call external services, but it does not declare explicit permissions despite using environment access and network-capable behavior. This weakens platform trust boundaries and can lead to unintended token exposure or unreviewed outbound data transfer, especially because user-provided content and possibly parsed file contents may be sent to a third-party PPT service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
80% confidence
Finding
The skill description promises broad local processing of user requirements and multi-format file inputs, but the documented behavior is mainly selecting templates and sending Markdown content to an external API. This mismatch is security-relevant because users may provide sensitive files or trust that richer input handling occurs safely, while the actual implementation may omit validation, omit coverage of claimed processing steps, and transmit transformed content to a third party under misleading expectations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to obtain and configure an ACCESS_TOKEN in an environment variable but provides no guidance on treating the token as a secret, avoiding commits/logging, or using least-privilege handling. In an agent skill context, this increases the chance that users expose credentials in shared configs, screenshots, prompts, or repositories, which could allow unauthorized use of the AIPPT account or API.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly sends full user-provided Markdown content to a third-party API to generate PPTs, but the documentation provides no privacy notice, consent flow, data minimization guidance, or handling expectations for sensitive content. In this skill context, users may upload business, personal, or confidential presentation material, so silent external transmission materially increases the risk of privacy violations, data leakage, and compliance issues.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends user-supplied Markdown content to an external third-party service without any visible consent, warning, or data-classification controls. If users include sensitive business or personal information in the Markdown, this can cause unintended data exfiltration to the remote API endpoint.

External Transmission

Medium
Category
Data Exfiltration
Content
### Request example
```bash
curl --location 'https://ppt-api.7niuai.com/openclaw/generate_by_content' \
--header 'token: ODk4Nzg2YMjRmNDM=' \
--header 'Content-Type: application/json' \
--data '{
```
Confidence
96% confidence
Finding
curl --location 'https://ppt-api.7niuai.com/openclaw/generate_by_content' \ --header 'token: ODk4Nzg2YMjRmNDM=' \ --header 'Content-Type: application/json' \ --data

VirusTotal

64/64 vendors flagged this skill as clean.
