Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/build-preview-gallery.mjs:28
Security audit
web-pptx-generator
Security checks across malware telemetry and agentic risk
Overview
This is a local HTML slide generator, and the reviewed scripts are aligned with that purpose without evidence of credential use, persistence, exfiltration, or destructive behavior.
Reasonable to install for local HTML slide generation. Keep generated files in a project folder, preview only trusted or skill-generated HTML, verify any CHROME_BIN override before rendering previews, and install the optional global preview package only if you need that feature.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
Detected: suspicious.dangerous_exec
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/chrome-utils.mjs:27
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/generate-theme-gallery.mjs:34
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/smoke-test.mjs:13