HTML PPT Editor / Slide Mender

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for local HTML slide editing, but its full export mode can use browser credentials to fetch and embed remote assets without a clear user warning.

Install only if you are comfortable using it on saved local HTML copies. Prefer basic export for sensitive or authenticated content. Use full export only when you understand that referenced remote assets may be fetched with your current browser session and embedded in the downloaded file; consider preserving CSP for untrusted pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence: 95%
Finding
Full export mode fetches external stylesheets and resources from the page context with credentials included, then inlines them into the downloaded HTML. On a saved local copy or authenticated page, this can silently pull protected remote content into the export, causing unintended data exfiltration into the downloaded file and expanding the skill beyond its stated local-editing purpose.

Vague Triggers

Medium
Confidence: 84%
Finding
The description includes broad triggers such as 'edit HTML', 'HTML 编辑', and 'PPT editor', which can match many generic editing requests outside the intended narrow scope of local saved HTML slide files. This can cause the skill to be invoked in contexts involving arbitrary web content or unrelated editing tasks, increasing the chance of unsafe application or accidental processing of live websites despite the later warning not to target them directly.

Vague Triggers

Medium
Confidence: 87%
Finding
The searchable aliases list very generic terms like 'HTML Editor', 'PPT Editor', and 'Presentation Editor' without preserving the constraint that this skill is only for local HTML copies. Overbroad discovery increases the likelihood of activation for unrelated tasks and can steer users toward injecting editing runtime into inappropriate targets, including content that should not be modified through this workflow.

Missing User Warnings

Medium
Confidence: 96%
Finding
This script removes existing meta Content-Security-Policy tags by default before injecting its editor runtime, which weakens browser-enforced protections for the generated HTML copy. In the context of editing potentially AI-generated or untrusted local HTML, disabling CSP can allow inline scripts or other active content in the document to execute more freely, increasing the risk of script execution or data exfiltration when the edited file is opened.

VirusTotal

VirusTotal findings are pending for this skill version.
