lhx1

Security checks across malware telemetry and agentic risk

Overview

This spreadsheet skill appears purpose-built, but it automatically writes a persistent LibreOffice macro into the user's application profile when recalculating formulas.

Review before installing. Use it only with trusted spreadsheet files, keep backups, and be aware that formula recalculation will run LibreOffice locally and may leave a macro in your LibreOffice profile. Prefer asking the agent to save modified workbooks as copies and to confirm before overwriting existing files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill instructs the agent to read and write arbitrary spreadsheet files and to invoke shell commands (`python recalc.py ...`) but does not declare corresponding permissions. That mismatch is dangerous because it can cause the skill to be activated with capabilities the user or platform has not explicitly scoped, increasing the risk of unauthorized file access or command execution in a sensitive workspace.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The script persistently installs or overwrites a LibreOffice application macro in the user's profile, changing application-wide behavior outside the target workbook. That is dangerous because it creates lasting side effects, may interfere with user trust and macro policy, and broadens the blast radius if the macro mechanism is later abused or invoked unexpectedly.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation description is very broad, covering nearly any spreadsheet-related task across multiple file types and workflows without clear exclusions or trust boundaries. This can cause over-triggering, leading the agent to access or modify spreadsheets in situations where the skill was not intended, especially when files may contain sensitive data or macros.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: Writing a macro file into the user's LibreOffice profile without a clear warning or consent is a risky side effect, especially in an agent skill context where users may expect file processing, not persistent environment changes. This can surprise users, bypass informed consent, and leave behind executable content in a trusted application location.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal