HTML Presentation Editor

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local HTML slide editor, but its optional full export can use browser-authenticated fetches to bundle page resources into the downloaded file.

Review before installing if you handle private or logged-in web content. Prefer basic mode, avoid full export for saved pages that reference authenticated resources, and use `--preserve-csp` when editing untrusted or sensitive HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The exporter’s full-mode logic does more than save a local edited HTML file: it clones the live document, inlines stylesheets, rewrites URLs, and bundles page resources into the output. That broadens the skill from a local slide editor into a page-harvesting/export tool, which can capture remote content and authenticated page state beyond what users would reasonably expect from the stated purpose.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The full export path fetches stylesheets with `credentials: "include"`, causing authenticated requests to be made to URLs referenced by the current page. In a live web context, this can pull protected resources into the exported artifact and extend the skill’s reach into authenticated content collection unrelated to basic slide editing.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The resource bundling code iterates through many element types and CSS URLs, fetches arbitrary remote assets, and embeds them as data URLs in the exported HTML. On a live document this can exfiltrate a large portion of page content, including protected images, styles, and other resources, into a downloadable file without strong origin or context restrictions.

Vague Triggers

Medium
Confidence: 93%
Finding
The description uses broad trigger phrases like 'edit PPT', 'edit HTML', and generic editing intents that overlap with many ordinary user requests. This can cause the skill to be invoked unexpectedly in contexts beyond local HTML slide editing, increasing the chance it processes the wrong file or performs injection on unsuitable content.

Vague Triggers

Medium
Confidence: 95%
Finding
The searchable aliases include highly generic terms such as 'HTML Editor', 'PPT Editor', and 'Presentation Editor', which are likely to collide with unrelated editing tasks. Overbroad invocation increases the risk of accidental activation and misuse of a tool that injects scripts into HTML copies, especially when users did not intend to use this specific workflow.

Missing User Warnings

Medium
Confidence: 91%
Finding
Draft save stores patches plus page title and URL in `localStorage` without a prominent disclosure at the point of collection. This creates a privacy leak on shared machines or sensitive documents because edited content metadata persists locally even if the user expects a temporary in-browser editor.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script strips existing meta Content-Security-Policy tags by default before injecting inline JavaScript into the HTML. This weakens browser-side protections for the generated file and can make any existing script injection issues in the HTML more exploitable, especially since the tool is intended to open edited files in a browser.

VirusTotal

65/65 vendors flagged this skill as clean.