Editable HTML PPT

Security checks across malware telemetry and agentic risk

Overview

This skill edits local HTML, but its optional export can make logged-in web requests and its injector removes browser protections by default, so it needs review before installation.

Install only if you are comfortable using it on local HTML copies and understand that full export may contact external sites referenced by the page using your current browser session. Prefer basic export, use --preserve-csp for untrusted saved pages when possible, and avoid opening or exporting HTML from sources you do not trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium (95% confidence)
The 'full' export path does more than save edited local HTML: it traverses stylesheets and DOM resources, fetches linked assets, rewrites URLs, and can inline remote content into the exported file. That expands the trust boundary from a local editor into a network-capable page mirroring tool, which is risky because exporting a saved page can silently pull in external resources the user did not expect to contact or embed.

Context-Inappropriate Capability

High (99% confidence)
The export code uses fetch(..., { credentials: 'include' }) when retrieving linked stylesheets/resources, causing cookies or other ambient credentials to be sent to arbitrary origins referenced by the page. In the context of a local HTML editor, this is unnecessarily dangerous because a crafted saved page can induce authenticated requests to third-party endpoints and exfiltrate private, user-specific content into the exported HTML.

Description-Behavior Mismatch

Medium (94% confidence)
The script removes existing meta Content-Security-Policy tags by default before injecting its runtime, which weakens browser-enforced protections on the generated HTML copy. In this skill's context, the input is a local saved HTML file that may contain untrusted scripts or embedded content; stripping CSP can allow active content that the original file intentionally constrained to execute with fewer restrictions.

Vague Triggers

Medium (89% confidence)
The description uses highly generic trigger phrases like 'edit PPT', 'edit HTML', and broad multilingual editor terms that overlap with many normal user requests. This can cause the skill to be invoked in situations outside its intended safe scope, including live websites or unrelated editing tasks, increasing the chance of unsafe file handling or surprising behavior.

Vague Triggers

Medium (91% confidence)
The searchable aliases include broad labels such as 'HTML Editor', 'PPT Editor', and 'Presentation Editor' without strong qualifiers. In context, this makes accidental activation more likely and weakens the safeguard that the tool should only operate on saved local HTML copies, not arbitrary web pages or unrelated content.

Missing User Warnings

Medium (88% confidence)
The code performs a security-sensitive transformation—removing CSP—but only documents that behavior in the help text, not in the normal success path near the operation. That creates a transparency and safe-defaults issue: users may open the modified HTML believing it is equivalent to the original, without realizing protections were relaxed.

VirusTotal

VirusTotal findings are pending for this skill version.
