Back to skill

Security audit

PPT生成与修改

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local PowerPoint creation/editing skill with expected file writes and no evidence of hidden network, credential, destructive, or persistence behavior.

Install only if you are comfortable with the skill reading selected .pptx files and creating new .pptx, image, and demo log files locally. Keep work in a workspace directory, avoid path-like presentation titles, and treat the crypto/purchase capability labels as unsupported metadata that should be corrected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes functionality that creates and updates .pptx files, which is a file-write capability, but no corresponding permissions are declared. This creates a transparency and policy-enforcement gap: an agent or platform may allow the skill under the assumption it is low-risk, while it can still modify or create files on disk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.