Excel/CSV Master

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned spreadsheet or file-processing skill, with ordinary data-handling risks but no evidence of deception or malicious behavior.

Before installing, use this on copies of important spreadsheets or documents, confirm where outputs are written, and avoid processing sensitive files unless you have permission. Review bulk results on a small sample before running it across many files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises automatic cleaning and transformation actions that can alter datasets, but it does not warn users about irreversible changes, review steps, or preserving originals. In a spreadsheet-processing context, this can lead to accidental corruption, deletion, or overwriting of business-critical data when users rely on automation without safeguards.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill encourages bulk processing of 100+ files and large datasets without any privacy, confidentiality, or integrity warning. Because spreadsheets often contain sensitive financial, HR, customer, or employee data, promoting mass ingestion and consolidation without guardrails increases the risk of unintended exposure, mishandling, or propagation of data errors across many files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal