ClawHub

Li ETL Handle

Security checks across malware telemetry and agentic risk

Overview

This spreadsheet tool is mostly coherent, but it needs review because it can run unrestricted JavaScript and exposes sensitive spreadsheet contents through logs while using a known vulnerable Excel parser.

Review before installing. Use it only with trusted spreadsheet files and trusted transformation functions, avoid processing sensitive data unless logging is disabled or controlled, and do not rely on the bundled security reports as proof that the xlsx dependency or unrestricted script execution risks have been technically fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document explicitly acknowledges dangerous code execution capability and known high-severity dependency vulnerabilities, yet still concludes the skill meets publication standards and recommends release. This can mislead reviewers into approving or deploying an unsafe skill before required fixes are completed, increasing the chance that exploitable functionality ships to users.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The checklist correctly marks dependency upgrade and security guidance as required before release, but the surrounding report still recommends publishing. This contradiction undermines security gates and can cause operators to ignore mandatory remediation, allowing known vulnerable components and risky execution features to be released.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document makes a contradictory security claim: it states all high-priority issues are fixed and the skill is ready for release, while earlier admitting the xlsx dependency still has two high-severity vulnerabilities. Treating documentation and user warnings as a sufficient fix can mislead reviewers and users into trusting a package with unresolved known risks.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill exposes executeScript(data, scriptFn), which directly executes caller-supplied JavaScript over spreadsheet rows. In an agent skill context this enables arbitrary code paths chosen by the caller, far beyond ordinary Excel automation, and can be abused to access process state, mutate data unexpectedly, or chain into other dangerous runtime capabilities depending on how the host invokes skill functions.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The writeLog helper prints full row contents with JSON.stringify, which can expose entire spreadsheet records to console or centralized logs. Because this skill processes Excel/CSV data that may include personal, financial, or business-sensitive information, unrestricted debug logging increases the chance of unintended data disclosure.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The test suite explicitly validates an `executeScript` feature that runs a caller-supplied function over data rows. In a data-processing/excel utility context, exposing arbitrary script execution materially increases the chance that untrusted workflow inputs, plugins, or future integrations could become code-execution paths, leading to remote code execution or full process compromise if user-controlled callbacks are ever accepted across trust boundaries.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README documents meaningful safety constraints only in the Chinese section, while the English, French, German, and Japanese sections omit warnings about arbitrary JavaScript execution via executeScript, risky file writes, and handling untrusted Excel files. In a multilingual skill, inconsistent safety guidance can cause non-Chinese-speaking users to unknowingly use dangerous features in unsafe ways, increasing the chance of code execution or unsafe processing of untrusted inputs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This logging code outputs raw row contents without any masking, minimization, or user warning. In the context of spreadsheet automation, where inputs commonly contain PII or confidential business records, this creates a straightforward confidentiality risk through console output and downstream log retention systems.

Natural-Language Policy Violations

Low
Confidence
98% confidence
Finding
The lockfile pins package tarball URLs to plain HTTP endpoints, which permits man-in-the-middle tampering of dependency downloads if the network path or mirror is compromised. Although integrity hashes provide some protection, using insecure transport for the package source is still a supply-chain risk and can also expose metadata or enable downgrade and mirror-trust issues depending on installer behavior and environment.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal