1. Does not depend on any third-party PPT service; 2. Users can upload their own PPT templates and content material, and the large language model is constrained to generate the finished deck from the uploaded content; 3. Automatically exports the generated file in .pptx format.

Security checks across malware telemetry and agentic risk

Overview

This PPT generator is largely purpose-aligned, but it relies on local code execution (pip installs driven by a helper script and a Node subprocess that runs generated scripts) and an auto-install setup path that users should review before installing.

Install only if you are comfortable running local Python and Node tools on the documents you provide. Use a virtual environment or container, do not run `check_env.py --fix` against a system Python, do not process confidential decks unless the configured LLM path is trusted, and keep validation enabled except for local test plans that have already been validated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print(f"\n  Installing: {', '.join(to_install)} ...\n")
    cmd = [sys.executable, "-m", "pip", "install"] + to_install + ["--break-system-packages"]
    result = subprocess.run(cmd)
    if result.returncode == 0:
        print("\n  ✅  Installation complete. Re-run check_env.py to verify.")
    else:
Confidence
88% confidence
Finding
result = subprocess.run(cmd)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
f.write(script_content)
            tmp_path = f.name

        result = subprocess.run(["node", tmp_path], capture_output=True, text=True, timeout=120)

        if result.returncode == 0:
            for line in result.stdout.strip().split("\n"):
Confidence
89% confidence
Finding
result = subprocess.run(["node", tmp_path], capture_output=True, text=True, timeout=120)

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The script automatically invokes an external content-extraction tool (markitdown) on a user-supplied PPTX and captures the resulting full text into its output. In a skill that may process uploaded documents or templates, this extends the trust boundary to the markitdown parser: it can expose sensitive slide contents, and a crafted file can trigger parser-level issues before any of the skill's own logic runs.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The function extracts and returns up to 3000 characters of PPTX content with no visible consent gate, warning, or minimization beyond truncation. In this skill context, uploaded presentations or templates may contain confidential business data, so automatic extraction into logs, downstream prompts, or analysis output can cause unintended disclosure.
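The two markitdown findings above (trust boundary extended to the parser, and extraction without consent or minimization) can be addressed together. The following is an added example, not code from the skill or from markitdown: it swaps the external tool for a stdlib extractor that parses only the slide parts of the package, caps part sizes and slide counts as a defence against oversized or malicious archives, refuses to run without an explicit consent flag, and truncates the result with a visible marker. The names `extract_pptx_text`, `ConsentRequired` and `build_sample_pptx`, the size limits, and the sample deck are all assumptions made for the example.

```python
"""Consent-gated, minimized PPTX text extraction (added example).

Replaces the markitdown call with a stdlib parser so it runs offline, and adds
the consent gate, size limits and truncation marker the finding says are
missing. Function names, limits and the sample deck are illustrative.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

DRAWINGML_NS = "{http://schemas.openxmlformats.org/drawingml/2006/main}"
SLIDE_RE = re.compile(r"^ppt/slides/slide(\d+)\.xml$")
MAX_ENTRY_BYTES = 5 * 1024 * 1024   # refuse absurdly large slide parts (zip-bomb guard)
MAX_SLIDES = 500                    # arbitrary upper bound for a deck


class ConsentRequired(PermissionError):
    """Raised when slide text would be read without explicit user consent."""


def extract_pptx_text(data: bytes, *, consent: bool, max_chars: int = 3000) -> str:
    """Return slide text from PPTX bytes, truncated to max_chars.

    Refuses unless the caller has obtained consent, because the returned text
    may flow into prompts or logs. Only ppt/slides/slideN.xml parts are parsed;
    notes, media and embedded objects are ignored to keep the parser surface small.
    """
    if not consent:
        raise ConsentRequired("slide contents would be sent downstream; confirm with the user first")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        slides = []
        for info in zf.infolist():
            m = SLIDE_RE.match(info.filename)
            if not m:
                continue
            # Check the declared size before decompressing anything.
            if info.file_size > MAX_ENTRY_BYTES:
                raise ValueError(f"{info.filename} too large ({info.file_size} bytes)")
            slides.append((int(m.group(1)), info.filename))
        if len(slides) > MAX_SLIDES:
            raise ValueError(f"too many slides ({len(slides)})")
        chunks = []
        for _, name in sorted(slides):          # numeric order, so slide10 follows slide9
            root = ET.fromstring(zf.read(name))
            runs = [t.text for t in root.iter(DRAWINGML_NS + "t") if t.text]
            if runs:
                chunks.append(" ".join(runs))
    text = "\n".join(chunks)
    if len(text) > max_chars:
        withheld = len(text) - max_chars
        return text[:max_chars] + f"\n[truncated: {withheld} more characters withheld]"
    return text


def build_sample_pptx(slide_texts) -> bytes:
    """Construct a minimal PPTX-shaped zip for offline testing.

    Not a complete OOXML package, just enough structure for the extractor;
    it also plants a notes part to show that non-slide parts are skipped.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for i, text in enumerate(slide_texts, start=1):
            xml = (
                '<p:sld xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" '
                'xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main">'
                "<p:cSld><p:spTree><p:sp><p:txBody><a:p><a:r>"
                f"<a:t>{escape(text)}</a:t>"
                "</a:r></a:p></p:txBody></p:sp></p:spTree></p:cSld></p:sld>"
            )
            zf.writestr(f"ppt/slides/slide{i}.xml", xml)
        zf.writestr("ppt/notesSlides/notesSlide1.xml", "<x>speaker notes are ignored</x>")
    return buf.getvalue()


if __name__ == "__main__":
    deck = build_sample_pptx(["Q3 revenue: confidential", "Headcount plan"])   # constructed sample
    print(extract_pptx_text(deck, consent=True, max_chars=40))
```

The consent flag is deliberately a keyword-only argument with no default, so a caller cannot forget to decide; in a real helper the value would come from a prompt or a CLI flag, and the truncation marker tells the user that content was withheld rather than silently cut.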

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Auto-install mode modifies the host Python environment as soon as --fix is supplied, with no confirmation prompt or prominent warning. In a skill context this is more dangerous because users may run helper scripts expecting diagnostics only, yet the script installs packages and, because it passes --break-system-packages, can break a distribution-managed Python environment.
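A hardened version of that --fix path, as an added example that is not the skill's own check_env.py: it refuses to touch an interpreter that is not inside a virtual environment unless the user explicitly opts in, only then emits --break-system-packages, and requires a confirmation before anything is installed. The function names (`in_virtualenv`, `build_pip_command`, `plan_install`), the `--allow-system` flag and the `InstallPlan` record are assumptions made for this example.

```python
"""Hardened auto-install decision for an environment checker (added example).

Assumes a check_env.py-style helper that wants to pip-install missing packages
when --fix is passed. Names and the --allow-system flag are hypothetical.
"""
import subprocess
import sys
from dataclasses import dataclass, field


def in_virtualenv() -> bool:
    """True when the running interpreter lives in a venv or virtualenv."""
    # venv sets sys.prefix != sys.base_prefix; legacy virtualenv sets sys.real_prefix
    return sys.prefix != getattr(sys, "base_prefix", sys.prefix) or hasattr(sys, "real_prefix")


def build_pip_command(to_install, python=None, allow_system=False):
    """Build the pip invocation.

    --break-system-packages is emitted only when the caller explicitly opted in
    to modifying a distribution-managed interpreter.
    """
    cmd = [python or sys.executable, "-m", "pip", "install", *to_install]
    if allow_system:
        cmd.append("--break-system-packages")
    return cmd


@dataclass
class InstallPlan:
    action: str                 # "install", "refuse" or "nothing"
    reason: str
    command: list = field(default_factory=list)


def plan_install(to_install, fix, isolated, allow_system=False, confirm=lambda prompt: False):
    """Decide whether the environment may be modified.

    fix          -- the user passed --fix
    isolated     -- interpreter is inside a venv/container (see in_virtualenv)
    allow_system -- the user passed the hypothetical --allow-system flag
    confirm      -- callback that asks the user; defaults to "no" so a
                    non-interactive run can never install silently
    """
    if not to_install:
        return InstallPlan("nothing", "all required packages present")
    if not fix:
        return InstallPlan("nothing", "diagnostics only; re-run with --fix inside a venv to install: "
                           + ", ".join(to_install))
    if not isolated and not allow_system:
        return InstallPlan("refuse", "refusing to modify a system-managed Python; "
                           "create a venv or pass --allow-system")
    cmd = build_pip_command(to_install, allow_system=not isolated and allow_system)
    if not confirm(f"About to run: {' '.join(cmd)}\nProceed? [y/N] "):
        return InstallPlan("refuse", "user declined")
    return InstallPlan("install", "confirmed", cmd)


def run_plan(plan: InstallPlan) -> int:
    """Execute an approved plan; any other plan is reported and nothing runs."""
    print(f"[{plan.action}] {plan.reason}")
    if plan.action != "install":
        return 0
    return subprocess.run(plan.command).returncode


def ask_tty(prompt: str) -> bool:
    """Interactive confirmation; treats anything but an explicit 'y' as no."""
    return input(prompt).strip().lower() == "y"


if __name__ == "__main__":
    # Constructed sample: pretend these imports failed during diagnostics.
    missing = ["python-pptx", "markitdown"]
    plan = plan_install(missing,
                        fix="--fix" in sys.argv,
                        isolated=in_virtualenv(),
                        allow_system="--allow-system" in sys.argv,
                        confirm=ask_tty)
    sys.exit(run_plan(plan))
```

Run it without --fix and it only reports what is missing; with --fix it still refuses outside a venv unless --allow-system is given, and even then waits for a typed "y" before pip is invoked.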

VirusTotal

64/64 vendors flagged this skill as clean.
