HTML Slide Editor

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its local HTML editing purpose, but its full export mode can fetch and bundle browser-accessible resources with credentials, and it removes CSP protections by default.

Install only if you are comfortable using it on trusted local HTML files. Prefer basic export, use --preserve-csp when possible, and avoid full export for pages that reference private, authenticated, or intranet resources unless you intend those assets to be embedded in the downloaded HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The export path in full mode walks stylesheets and resources, fetches them, rewrites URLs, and inlines the results into the downloaded HTML. That materially exceeds a local-only HTML editor because it can pull remote content from arbitrary page references, including intranet or authenticated assets, and package them into an output file without a clear trust boundary. In the context of a tool advertised for local HTML slide editing, this scope expansion is more dangerous because users are less likely to expect network-backed data collection during export.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The code performs fetch requests with credentials included while exporting resources, which allows the skill to access content available to the user's current authenticated browser session. This can exfiltrate protected page assets into the generated HTML file or cause unintended access to internal resources, which is unjustified for a local slide editor and significantly worsened by the skill's stated local-file use case.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The script removes existing meta Content-Security-Policy tags by default before writing the editable HTML copy. Even in a local-editing workflow, stripping CSP weakens browser-enforced protections and can permit active scripts or unsafe resource loading in untrusted HTML that would otherwise be constrained.

Vague Triggers

Medium
Confidence: 91%
Finding
The skill description contains broad phrases such as 'HTML PPT', 'PPT editor', 'edit PPT', and 'edit HTML', which overlap heavily with common user editing requests. This can cause unintended invocation, leading the agent to run a file-modifying or code-injecting workflow when the user may have intended a different tool or a non-executing response.

Vague Triggers

Medium
Confidence: 90%
Finding
The searchable aliases are very broad, including generic terms like 'PPT Editor', 'Presentation Editor', and 'HTML Editor', without sufficient qualifiers. In an agent environment, this increases the chance of the skill being selected for unrelated requests, potentially causing inappropriate local file handling or HTML injection actions outside the user's intended scope.

Missing User Warnings

Medium
Confidence: 94%
Finding
The tool modifies security policy and writes out a new HTML file without a strong upfront warning that protections are being reduced. In the context of editing saved HTML from potentially untrusted sources, this can increase the risk that opening the modified file executes script or loads resources that the original CSP would have restricted.

VirusTotal

65/65 vendors flagged this skill as clean.
