HTML PPT Editor

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local HTML slide editor, but it needs review because its generated editor can weaken CSP protections and full export can make credentialed network requests to URLs referenced by the page.

Install only if you understand that this creates an active editable copy of your HTML. Use it on trusted local files, prefer basic export, use --preserve-csp when possible, and avoid full export on saved pages from logged-in or sensitive websites unless you are comfortable with the browser contacting and bundling referenced resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium, 92% confidence
Finding
In full export mode the skill clones the page, reads stylesheets, fetches linked CSS and media, rewrites URLs, and can inline remote resources into the exported HTML. That expands the trust boundary from a local HTML editor into a network-capable page archiver, which can silently contact third-party origins and package remote content the user did not expect to access or redistribute.

Context-Inappropriate Capability

Medium, 94% confidence
Finding
The export path uses fetch() with credentials included to retrieve linked resources. On a saved copy of an online page, this can trigger authenticated requests to third-party or original-site endpoints during export, creating privacy leakage and unexpected network side effects inconsistent with a local-only editor.

Description-Behavior Mismatch

Medium, 95% confidence
Finding
By default, the script strips existing meta Content-Security-Policy tags from the user-provided HTML before injecting inline scripts. This weakens the page's browser-enforced protections and can enable active content in the edited copy that the original file intentionally constrained. In the context of opening arbitrary saved HTML locally, that increases risk if the input HTML is untrusted or contains hostile script behavior.

Vague Triggers

Medium, 89% confidence
Finding
The description contains broad triggers such as 'edit HTML', 'PPT editor', and 'slide editing' that overlap with many ordinary user requests. This can cause the skill to be invoked in situations beyond its safe scope, increasing the chance it operates on unintended files or workflows, especially since it injects code into HTML copies.

Vague Triggers

Medium, 93% confidence
Finding
The searchable aliases include very generic terms like 'HTML Editor', 'PPT Editor', and 'Presentation Editor', which are likely to match many unrelated editing tasks. That broad matching makes accidental invocation more likely and is riskier here because the skill performs transformation/injection on user HTML files rather than offering a harmless read-only action.

Missing User Warnings

Medium, 89% confidence
Finding
The injected output includes active editor scripts and may be produced after removing CSP protections, yet the tool only prints a generic usage note without warning that the resulting HTML has weakened security properties. Users may open the modified file assuming it is equivalent in trust and isolation to the original, increasing the chance of unsafe handling of untrusted HTML.

VirusTotal

VirusTotal findings are pending for this skill version.
