Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
lhx1112
v1.0.12Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work...
⭐ 0· 50·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill claims to provide spreadsheet creation/editing/analysis and formula recalculation; the included recalc.py implements a LibreOffice-based recalculation workflow and cell scanning consistent with that purpose.
Instruction Scope
SKILL.md and recalc.py mostly stay within spreadsheet tasks (reading/writing Excel, adding formulas, using pandas/openpyxl). However, the runtime instructions and the script explicitly configure LibreOffice on first run by writing a Basic macro into the user's LibreOffice config directory—this is beyond simple file I/O and is a persistent configuration change (the SKILL.md does mention automatic configuration, so the behavior is expected but noteworthy).
Install Mechanism
There is no network download or external install script. The skill is instruction-only with a single included Python script. No external packages are fetched by the skill itself (it assumes LibreOffice, pandas/openpyxl are available). This is lower risk from an install-mechanism perspective.
Credentials
The skill requests no environment variables or credentials. The only system access is reading/writing files and creating a macro file under the user's LibreOffice config path (~/.config/libreoffice/... or macOS equivalent), which is functionally required for the chosen approach but should be highlighted to the user as it touches application configuration.
Persistence & Privilege
The script creates a persistent macro file (Module1.xba) in the user's LibreOffice user basic module directory. Even though the macro content is limited (calls calculateAll, store, close), this is a durable change to the user's application config and could be surprising. The skill is not marked always:true and does not request broader system privileges, but the macro file is persistent until removed.
Assessment
This skill appears to do what it says: it recalculates formulas using LibreOffice and checks for Excel errors. Important things to consider before installing/use: (1) The recalc.py script will create a LibreOffice macro file in your user config directory (~/.config/libreoffice/... or macOS Application Support). That is a persistent change—inspect the macro (Module1.xba) to confirm it only does the expected calculate/store/close actions. (2) The script assumes LibreOffice is installed and uses soffice; ensure this is acceptable in your environment. (3) There are no network calls or credential requests, which reduces exfiltration risk, but because a macro is written to your profile, consider backing up your existing LibreOffice user/basic directory before running and run the script in a controlled account (or container) if you are in a sensitive environment. (4) If you want higher assurance, review recalc.py source and the exact macro content, and remove the macro after use if you prefer no persistent changes.Like a lobster shell, security has layers — review code before you run it.
latestvk97ds2cp7hebhz188j18tjsm7183hta4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.