Security audit

google-sheets-soha

Security checks across malware telemetry and agentic risk

Overview

This Google Sheets skill is mostly coherent and read-only, but its broad activation and unsafe shell command templates deserve review before use.

Review this skill before installing. Use a dedicated read-only Google service account or restricted API key, share only intended sheets, avoid sensitive spreadsheets unless local caching is acceptable, and do not use it with untrusted sheet IDs or tab names unless the command templates are changed to a safer native API client or properly escaped arguments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Low
Confidence
86% confidence
Finding
The skill is described as read/analyze only, but it also stores spreadsheet contents on local disk and includes cache-clearing behavior. This creates a data-retention surface that users may not expect, especially if sheets contain sensitive business or personal data.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill advertises automatic activation for very broad terms such as "sheet" and casual phrases like "check my sheet," which can cause the skill to trigger on unrelated conversations. In an agent environment, overbroad routing can expose spreadsheet contents unexpectedly or cause the agent to access external data when the user did not clearly intend that action.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Trigger phrases such as "refresh," "reload," and "get latest data" are extremely generic and can appear in ordinary conversation unrelated to this skill. If interpreted as control commands, they may cause unintended re-fetching of data, bypass user expectations about cache behavior, and trigger unnecessary external API access.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger includes broad generic phrases like 'sheet' and 'check my sheet,' which can cause the skill to activate in unrelated contexts. In this skill, unintended activation is more dangerous because activation may lead to external API requests and local caching of user-linked spreadsheet data without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill does not clearly warn users that fetched sheet contents are cached on disk. This is a meaningful privacy and data-handling issue because spreadsheet data may contain sensitive information, and local persistence increases exposure beyond the immediate session.

External Script Fetching

High
Category
Supply Chain
Content
```
| python3 -c "import sys,json; d=json.load(sys.stdin); [print(s['properties']['title']) for s in d['sheets']]"

# Fetch tab data
curl -s "https://sheets.googleapis.com/v4/spreadsheets/{SHEET_ID}/values/{TAB_NAME}!A1:Z1000?key={GOOGLE_API_KEY}" \
  | python3 -c "import sys,json; d=json.load(sys.stdin); print(json.dumps(d.get('values',[])))"
```
Confidence
90% confidence
Finding
curl -s "https://sheets.googleapis.com/v4/spreadsheets/{SHEET_ID}/values/{TAB_NAME}!A1:Z1000?key={GOOGLE_API_KEY}" \ | python

VirusTotal

63/63 vendors flagged this skill as clean.