Deck Web Converter

Security checks across malware telemetry and agentic risk

Overview

This is a local deck-to-HTML converter whose file reading and HTML output behavior matches its stated purpose, with normal confidentiality and overwrite cautions.

Install dependencies in a virtual environment, convert only decks you are allowed to redistribute, and review the generated HTML before emailing, hosting, or sharing it because it may include all extracted text and images from the source deck. Choose output paths deliberately to avoid overwriting an existing HTML file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The README emphasizes that the tool produces a single self-contained HTML file that is easy to share, but it does not warn users that sensitive deck or PDF contents will be extracted and embedded into that HTML in a portable form. This can lead to accidental redistribution of confidential business, financial, or personal information, especially given the skill's explicit sharing-focused use cases like email, QR code, and browser distribution.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill instructs the agent to save a generated file beside the input file without requiring an upfront confirmation that disk writes will occur. In agent environments, silent writes can surprise users, overwrite expected locations, or create files in sensitive/shared directories if the provided path points there.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal