Back to skill

Security audit

Ai Ppt Generator 1

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Baidu AI presentation generator, but users should know their PPT topics or supplied content are sent to Baidu's service.

Install only if you are comfortable using Baidu AI for presentation generation. Use a dedicated Baidu API key where possible, and avoid entering confidential, regulated, or proprietary material unless your organization allows sending it to Baidu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill metadata declares runtime requirements for environment variables and binaries, and the workflow clearly instructs running Python scripts that call an external API, yet there is no explicit permissions declaration to inform or constrain those capabilities. This creates a transparency and governance gap: users and platforms may not realize the skill can access secrets, execute shell commands, and make network requests, increasing the risk of unintended data exposure or unsafe execution.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description and usage guidance do not warn that the user's PPT topic and possibly embedded content are transmitted to Baidu's external AI service. Users may provide confidential business plans, internal reports, educational material, or other sensitive data without informed consent, leading to privacy, compliance, or third-party data handling risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.