ClawHub

Ppt Maker Bak

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real cloud video-conversion skill, but it may automatically use NemoVideo credentials or starter credits and send broad prompts and uploaded files to a third-party backend with limited user-facing consent.

Review before installing. Use this only if you are comfortable sending slides, media, prompts, and render requests to mega-api-prod.nemovideo.ai. Prefer a limited NemoVideo token, watch for credit usage, and avoid confidential presentations unless you trust the service and its retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is presented as a narrow PowerPoint-to-video converter, but the implementation exposes a much broader cloud media editing surface including uploads, timeline state, SSE-driven edits, and rendering of many media types. This mismatch increases the chance that users or calling systems send data and authorize actions they did not expect, creating a capability-expansion and transparency problem rather than a direct code-execution flaw.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill can automatically use an existing environment token or obtain an anonymous starter token and credits from a third-party backend before handling a request. That introduces credential use and account/resource acquisition beyond the user's apparent request, which can lead to unconsented external account actions, credit consumption, and hidden linkage of user activity to remote identities.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The workflows describe persistent, session-based editing, batch processing, and iterative manipulation, which is broader than a simple one-shot slide-to-video conversion tool. This can mislead users about retention of state, scope of backend processing, and what subsequent actions the skill may perform on uploaded media.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The invocation phrases are very generic, such as 'export' or 'convert my presentation slides,' and can overlap with normal conversation. Overly broad triggers raise the risk of unintended skill activation and accidental transmission of files or prompts to the remote backend.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The catch-all rule routes 'Everything else' to the SSE editing action, meaning ambiguous or unrelated user text may be sent to the backend as an editing command. In a skill that uploads media and performs remote actions, this significantly increases the chance of unintended data disclosure and unauthorized operations triggered by ordinary language.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to establish a backend connection and create a session before handling requests, but it does not clearly warn users that their prompts and uploaded files will be transmitted to a remote third-party service. This is a meaningful privacy and consent issue, especially for business presentations or sensitive slide content.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The metadata declares use of the environment variable NEMO_TOKEN, and the instructions say it should be used automatically if present, without a clear user-facing warning. Automatic use of ambient credentials can surprise users, consume paid resources, and cause actions to run under an identity they did not intend to authorize.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal