slidespeak

Fail

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: CRITICAL
Tags: DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis

The skill is granted 'Bash', 'Read', and 'Write' permissions, allowing it to execute shell commands and access the file system. The primary concern is the execution of 'node scripts/slidespeak.mjs'. The source code for 'slidespeak.mjs' is not provided, making it an unverified dependency. This black-box execution means any malicious behavior within this script would be undetectable by this analysis.

CRITICAL: Data Exfiltration

  • The skill explicitly allows uploading arbitrary local files via 'node scripts/slidespeak.mjs upload /path/to/document.pdf'. While intended for documents, an attacker could craft a prompt to upload sensitive files (e.g., '/.aws/credentials', '/.ssh/id_rsa') to the SlideSpeak API ('https://api.slidespeak.co').
  • The skill also allows subscribing to webhooks with an arbitrary URL via 'node scripts/slidespeak.mjs webhook-subscribe --url "https://your-webhook.com/endpoint"'. This enables the skill to send task completion notifications (which could potentially be linked to sensitive data) to any attacker-controlled server. This is a direct network operation to an unverified external domain.
  • The combination of arbitrary file reading and arbitrary network requests to unverified endpoints constitutes a critical data exfiltration risk.

HIGH: Command Execution

  • The skill explicitly uses 'allowed-tools: Bash' and executes 'node' commands. Given that the 'slidespeak.mjs' script is unverified, there's a high risk of arbitrary command execution if the script itself is malicious or contains vulnerabilities (e.g., command injection in its argument parsing).

HIGH: Credentials Unsafe

  • The skill requires the 'SLIDESPEAK_API_KEY' environment variable. If the unverified 'slidespeak.mjs' script is malicious, it could exfiltrate this API key.
  • Furthermore, the ability to upload arbitrary files means that files containing other sensitive credentials (e.g., AWS credentials, SSH keys, '.env' files) could be exfiltrated from the user's system.

INFO: Indirect Prompt Injection

  • As the skill processes user-provided text and document content, there's an inherent risk that malicious instructions embedded in these inputs could influence the underlying API or LLM if not properly sanitized. This is a general risk for skills that process external content.

No obfuscation, prompt injection (beyond the general indirect risk), privilege escalation, persistence mechanisms, or time-delayed attacks were directly detected in the provided skill files. The reference to 'https://github.com/clawdbot/skills/commit/...' in '_meta.json' is noted but does not directly contribute to the critical verdict as it's a commit reference, not a direct download of unverified code.

Recommendations

  • AI detected serious security threats

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 12, 2026, 10:04 AM