Ppt Afp

Security checks across malware telemetry and agentic risk

Overview

The skill does create PPTs as advertised, but it also defaults to external sharing and uses unsafe network settings that users should review first.

Install only if you are comfortable with presentation content being processed by external image-generation services and potentially sent through Feishu. Before using it, remove the TLS-disabling environment variable, verify the referenced helper scripts, change Feishu sending to explicit opt-in, and confirm the recipient before any file is uploaded or sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The skill instructs using API credentials sourced from the user's shell environment and explicitly references ~/.zshrc, which exposes a sensitive local configuration path and encourages the agent to access secret-bearing files. While image generation may legitimately require an API key, directing the workflow toward shell startup files is broader than necessary and increases the chance of unintended secret disclosure or reuse beyond the task.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The command disables TLS certificate verification via NODE_TLS_REJECT_UNAUTHORIZED=0 during networked image generation. This makes HTTPS connections vulnerable to man-in-the-middle interception or tampering, which is especially dangerous here because the workflow sends prompts/content to an external provider and may handle API credentials.

Vague Triggers

Medium
Confidence: 83%
Finding
The skill advertises broad trigger phrases like 'help me make a PPT' and similar generic requests, which can cause it to activate on ordinary presentation-assistance conversations where the user did not intend full automation. In this skill, accidental activation is more dangerous because the workflow includes external sharing to Feishu and execution of local scripts, so overbroad triggering can lead to unintended data handling or actions.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger section includes intent-based activation such as 'provided content and wants it turned into PPT,' which is ambiguous and can match many normal user interactions without explicit consent to run this automation. Because the skill performs multi-step file processing and external transmission, ambiguous activation meaningfully raises the risk of surprise execution and privacy-impacting actions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill description says the generated PPTX will be sent via Feishu by default, but it does not clearly warn that user-supplied content will be transmitted to an external service. This weakens informed consent and is more concerning in this context because PPT material often contains internal business, educational, or confidential information.

Missing User Warnings

Medium
Confidence: 88%
Finding
The instructions direct the agent to share an external Feishu document link and later use an API-based file-send flow, but they do not include an explicit data-handling or privacy warning. In a content-generation pipeline, this omission can cause users to unknowingly expose sensitive subject matter, generated assets, or final documents to third-party platforms.

VirusTotal

65/65 vendors flagged this skill as clean.
