HTML PPT Editor / Slide Mender

Security checks across malware telemetry and agentic risk

Overview

This skill is a local HTML slide editor that creates an editable copy and does not show evidence of network exfiltration, credential use, or hidden destructive behavior.

Install this for trusted local HTML slide decks or saved presentation pages. Avoid using it on live websites, authenticated pages, or HTML files containing secrets, because the editable copy embeds the original HTML as an export baseline and the runtime edits whatever document it is injected into.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The draft feature serializes page-specific patches and saves them together with document title and page URL. That exceeds the stated role of a local HTML editor and creates a persistence channel for sensitive page content and browsing context, especially if the runtime is injected into arbitrary pages.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The runtime starts by scanning and enabling editing over the current page DOM, without technical enforcement that the page is a saved local HTML file. In the skill context, this broad scope is more dangerous because it conflicts with the description's 'do not use for live websites' guidance and allows interaction with arbitrary page content if injected there.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description uses very broad trigger language such as generic HTML editing and layout-adjustment phrases, which can cause the agent to invoke this skill for requests outside its intended safe scope. That increases the chance of misrouting ordinary source-editing tasks into a tool that transforms local HTML and injects editor runtime, potentially leading to unintended file modification workflows or unsafe handling of untrusted HTML.

VirusTotal

63/63 vendors flagged this skill as clean.
