Microsoft Excel

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent Excel/OneDrive integration, but it uses a Maton API key and Microsoft OAuth access that can read and modify spreadsheets, so users should review account scope and approve writes carefully.

Install only if you want this agent to access Excel workbooks in your connected Microsoft account. Keep the Maton API key private, connect the correct account, specify the intended connection when multiple accounts exist, and approve write operations only after checking the exact target and change.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

63/63 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse

Medium

What this means

If the skill is connected to the wrong Microsoft account, or if overbroad permissions are granted, the agent may access or act on unintended Excel/OneDrive data.

Why it was flagged

The skill relies on delegated Microsoft OAuth access through Maton, which is expected for an Excel integration but gives the agent access to the connected account's permitted workbook data.

Skill content

Maton proxies requests to `graph.microsoft.com` and automatically injects your OAuth token.

Recommendation

Connect only the intended Microsoft account, use the documented `Maton-Connection` header when multiple connections exist, and revoke unused connections.

ASI02: Tool Misuse and Exploitation

Medium

What this means

Approved write operations could change or delete important spreadsheet data.

Why it was flagged

The skill can perform high-impact mutations to spreadsheets and files, but it discloses this and instructs the agent to obtain approval before writes.

Skill content

**All write operations require explicit user approval.** Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.

Recommendation

Before approving any write, verify the workbook path or file ID, worksheet/range, and exact intended change.

ASI07: Insecure Inter-Agent Communication

Low

What this means

Spreadsheet requests and responses may pass through Maton's API gateway rather than going directly from the agent to Microsoft Graph.

Why it was flagged

Workbook API requests are routed through a third-party gateway using a sensitive API key; this is disclosed and central to the managed OAuth design.

Skill content

All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY`

Recommendation

Use this only if you trust Maton with the connected Microsoft Excel workflow and protect the `MATON_API_KEY` like a password.