ClawHub

一键生成PPT截图和缩略图工具发布到微信去的工具,MAC版本

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it converts a local PPT into images and creates a WeChat draft, but users must understand that the PPT-derived images and WeChat credentials are involved.

Install only if you intend to upload PPT-derived images to a WeChat official account. Use a dedicated or scoped WeChat credential if possible, do not leave real secrets in shared config files, keep the output folder free of unrelated PNGs, verify LibreOffice and Ghostscript paths, and review the WeChat draft before publishing it publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill uploads locally processed slide images and article content to WeChat APIs, but there is no manifest, consent flow, or clear runtime disclosure that local files will be transmitted to an external service. In an agent-skill context, hidden remote publication/export is dangerous because it can exfiltrate proprietary presentation content and associated account credentials or metadata.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation example is broad enough that an agent could trigger the skill whenever a user mentions PPT conversion or WeChat publishing, without a strong confirmation boundary. Because the skill also handles local files and requests WeChat credentials, over-broad activation increases the chance of unintended file processing or prompting for sensitive secrets in contexts where the user did not explicitly intend to run this workflow.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill is designed to publish generated content to WeChat and asks the user to provide app credentials, but it does not present a clear warning that files and derived images will be transmitted to an external platform. This creates a significant privacy and secret-handling risk: users may expose confidential slide content or provide long-lived credentials without understanding where data is sent or how the credentials are used and stored.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code uploads image files and uses WeChat credentials without presenting any user-facing warning that local content will leave the machine. In a skill environment, this silent external transmission is risky because users may reasonably expect local document conversion, not outbound sharing of slide contents to a third-party platform.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal