Md To Pptx

Security checks across malware telemetry and agentic risk

Overview

This is a small Markdown-to-PowerPoint converter whose use of local files and external tools is disclosed and fits its purpose.

Install only if you are comfortable with generated PPTX files being saved to your active Obsidian vault by default. Provide an explicit output path if you want the file elsewhere, and make sure the local LibreOffice or Pandoc executable on your PATH is trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill advertises and demonstrates file read, file write, and shell execution behaviors, but does not declare any permissions or constraints for those capabilities. This creates a transparency and policy-enforcement gap: an agent may invoke filesystem and shell operations without explicit user-visible authorization boundaries, increasing the chance of unintended file access or command execution.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
The script reads the user's Obsidian configuration from the home directory and automatically redirects output into the active vault without explicit user consent at runtime. For a generic converter, this expands access to unrelated local application data and can cause sensitive notes repositories to be modified unexpectedly.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding:
The invocation guidance includes broad triggers like requests for presentation-format output, which could cause the skill to activate for general presentation tasks beyond straightforward markdown-to-pptx conversion. Over-broad routing increases the risk of the agent selecting this skill in contexts where file conversion, shelling out to external tools, or writing into a default vault was not what the user intended.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill defines a default behavior that writes output into a specific Obsidian vault path, but the warning is buried in descriptive text rather than presented as an explicit user-facing confirmation requirement. This can lead to silent or surprising writes into a sensitive knowledge-base directory, especially if the user expected output in the current folder or a temporary location.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding:
Reading Obsidian configuration from the user's home directory is a privacy-sensitive action that is not surfaced clearly by the tool's core conversion behavior. Even though the data accessed is limited, hidden inspection of local app configuration reduces transparency and violates least surprise.

VirusTotal

46/46 vendors flagged this skill as clean.