ClawHub

Pans Excel

Security checks across malware telemetry and agentic risk

Overview

This is a useful local Excel tool, but it includes an unsafe data parser that can execute Python code from crafted command input.

Review or patch scripts/excel.py before installing: remove the eval() fallback and accept only strict JSON or safe literal parsing with validation. Use copies of important spreadsheets, avoid untrusted --data values, and check output paths because some commands modify the original workbook.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

eval() call detected

High
Category
Dangerous Code Execution
Content
def load_data(s):
        try: return json.loads(s)
        except: 
            try: return eval(s)
            except: return {}

    def get_cols(s):
Confidence
99% confidence
Finding
try: return eval(s)

eval() call detected

High
Category
Dangerous Code Execution
Content
def ld(s):
        try: return json.loads(s)
        except:
            try: return eval(s)
            except: return {}

    def gc(s):
Confidence
99% confidence
Finding
try: return eval(s)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and demonstrates shell execution and file-writing behavior but does not declare corresponding permissions. This creates a transparency and consent gap: users or platforms may not realize the skill can create or modify local files or invoke external programs such as Python or LibreOffice, increasing the risk of unintended file changes or command execution in sensitive environments.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior does not fully match the detected capabilities, including additional commands and especially parsing user-provided data with eval. Hidden or undocumented functionality reduces reviewability and trust, while eval on user input can lead to arbitrary code execution if the backing implementation follows the analysis finding.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Using eval for command-line data parsing grants code-execution powers far beyond the skill's stated Excel-processing purpose. Because the skill is expected to handle user-provided data payloads, this context makes the issue more dangerous, not less, since malformed input can become executable Python.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill prominently supports creating, modifying, merging, importing, exporting, and converting files without warning users about overwrite risk or local data modification. In a file-handling skill, omission of these safeguards makes accidental data loss or corruption materially more likely, especially when outputs reuse familiar filenames or operate on existing workbooks.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The AI analysis and insights features imply workbook contents may be processed for analysis, but there is no privacy notice or data-handling disclosure. Spreadsheet files often contain financial, personal, or confidential business data, so undisclosed AI processing can expose sensitive information to external models, logs, or downstream services.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal