Back to skill

Security audit

Google Sheet API

Security checks across malware telemetry and agentic risk

Overview

This is a Google Sheets command-line skill whose credential use and sheet-editing powers match its stated purpose, though users should treat it as capable of destructive edits.

Install only if you intend to let the agent read and modify Google Sheets shared with the configured service account. Use least-privilege service account access, keep credential files private, and test destructive commands on a copy before using them on important spreadsheets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documents capabilities that rely on environment-variable access and outbound network access to Google APIs, but it does not declare permissions accordingly. This can cause users or an execution framework to underestimate the skill's reach, especially since it also handles sensitive credential material via environment variables and local key files.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The documented commands include destructive operations such as write, clear, batchWrite, deleteSheet, renameSheet, merge/unmerge, and raw batch updates without an explicit warning about irreversible data loss or corruption. In an automation context, this increases the risk of accidental destructive execution against production spreadsheets.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill describes multiple ways to supply service account credentials, including inline JSON and local key files, but does not give a strong user-facing warning about secret exposure, shell history leakage, accidental commits, or insecure file permissions. Because these are long-lived cloud credentials, mishandling can enable unauthorized access to any spreadsheets shared with the service account.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.