ClawHub

lhx

Security checks across malware telemetry and agentic risk

Overview

This spreadsheet helper mostly matches its purpose, but formula recalculation installs a persistent LibreOffice macro in the user's profile and can overwrite an existing macro file.

Review before installing if you use LibreOffice or keep macros in your profile. Use copies of important spreadsheets, avoid running it on untrusted macro-enabled workbooks, and prefer a version that recalculates in an isolated temporary LibreOffice profile or asks before changing application-level macro files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs reading and writing local files and executing a shell command (`python recalc.py ...`), yet the metadata declares no permissions. That mismatch weakens policy enforcement and user visibility into what the skill can do, increasing the chance of unintended file access, overwrite, or command execution in environments that rely on declared permissions for trust and gating.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is extremely broad and can activate for many ordinary spreadsheet tasks, causing the skill to be selected in situations beyond the user's likely intent. Because the skill includes file modification and shell-driven recalculation behavior, over-broad triggering expands exposure to unnecessary file changes and tool use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow authorizes creating and modifying Excel files but does not require an explicit user warning or confirmation before changing files or choosing an output path. In practice, this can lead to silent overwrites, edits to the wrong workbook, or persistence of unintended changes, especially when handling existing templates.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documented operations `insert_rows` and `delete_cols` are structurally destructive and can break formulas, references, and stored data, yet the skill provides no warning or safeguard around data loss. In a spreadsheet-editing context, these actions can silently corrupt workbooks or remove user data if applied to the wrong range or file.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script silently writes a LibreOffice Basic macro into the user's persistent application profile, changing global behavior outside the scope of the current task. In a skill that may process untrusted spreadsheets, persisting executable macro code in the user's office profile increases the attack surface, creates unintended side effects across future LibreOffice sessions, and violates least surprise and least privilege.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal