Google Sheets Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a real Google Sheets assistant, but its script builds commands by embedding spreadsheet and user-supplied data directly into Python source, so crafted cell contents or inputs could execute code on the user's machine.

Review before installing. Use it only with Google Sheets and accounts you are comfortable routing through Maton; avoid the AI commands for confidential sheets unless EvoLink processing is approved; and do not run it on untrusted spreadsheets or crafted inputs until the script is fixed to pass data through stdin, files, or encoded arguments instead of embedding it in Python source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares required binaries and environment variables and clearly instructs users to run shell commands that perform networked operations and create temporary files, yet it does not declare explicit permissions for shell, network, or file write capabilities. This mismatch can defeat user and platform expectations about what the skill is allowed to do, reducing transparency and increasing the risk of unintended data access or exfiltration through its proxy services.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The ai-analyze flow fetches spreadsheet contents and forwards raw data to the external EvoLink API for processing. While this may be intended product behavior, the manifest description does not clearly disclose third-party transmission of spreadsheet contents, so users may expose sensitive business or personal data without informed consent.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The ai-summary command sends both spreadsheet metadata and truncated sheet contents to a third-party AI service. This creates a privacy and data-governance risk because workbook titles, structure, and cell contents may contain confidential information, yet the skill description does not clearly warn that this data leaves the Google/Maton context.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The suggested trigger phrases are very broad, such as requests to read, create, analyze, summarize, or format spreadsheets, and could overlap with ordinary user conversation. That increases the chance of accidental invocation of a skill that can access Google Sheets data and send spreadsheet contents to third-party services, especially because the skill supports write operations and optional AI transmission.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The AI analysis command transmits spreadsheet JSON to an external model without an explicit warning at runtime. Even though the feature is labeled as AI-powered, users are not directly told that their spreadsheet data will be sent to a separate provider, which can violate privacy expectations and organizational data-handling rules.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The AI summary path sends spreadsheet metadata and sheet contents to EvoLink with no explicit privacy warning in the command flow. In environments where spreadsheet names, row contents, or sheet dimensions are sensitive, this undisclosed transfer can create confidentiality and compliance issues.

Ssd 3

Medium
Confidence
94% confidence
Finding
This code intentionally forwards raw spreadsheet data to an external LLM for analysis. The behavior aligns with the advertised AI functionality, but it remains security-relevant because raw spreadsheet contents may include secrets, PII, financial data, or proprietary business information that should not be sent off-platform without strong disclosure and controls.

Ssd 3

Medium
Confidence
95% confidence
Finding
The summary feature forwards spreadsheet metadata and contents to an external model as part of a natural-language summarization workflow. In context, this is likely a product feature rather than covert exfiltration, but it still increases exposure of potentially confidential information because titles, structure, and data values are all sent to a third party.

VirusTotal

65 of 65 vendors rated this skill as clean.
