ClawHub

lhx1112

Security checks across malware telemetry and agentic risk

Overview

This spreadsheet skill mostly matches its purpose, but its recalculation helper makes persistent changes to the user's LibreOffice macro profile without clear disclosure or cleanup.

Review before installing. Use it only if you are comfortable with a spreadsheet skill that can modify local workbooks and alter your LibreOffice macro profile. Back up important spreadsheets and existing LibreOffice macros, and prefer an isolated environment or temporary LibreOffice profile for sensitive or untrusted files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly enables file reads, file writes, and shell execution through examples such as loading/saving workbooks and running `python recalc.py`, yet it declares no permissions. That mismatch can prevent proper policy enforcement and user understanding, increasing the chance the skill is invoked with capabilities that are broader than expected.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The description covers nearly all spreadsheet creation, editing, analysis, visualization, and recalculation tasks across multiple file types, which is broad enough to trigger on many common requests. In a skill that can modify files and launch external processes, overly broad routing increases the risk of unexpected invocation and unintended side effects.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The examples demonstrate creating and modifying spreadsheet files directly, including overwriting or saving outputs, without any user-facing notice that files may be changed. In practice this can lead to silent modification of local documents, especially when paired with a broadly scoped spreadsheet skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to run a local script via `python recalc.py` and rely on LibreOffice automation, which introduces shell execution and external process risk. Even if intended for formula recalculation, invoking local scripts and office software can expand the attack surface, especially if file paths or workbook contents are attacker-controlled.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script silently writes a LibreOffice Basic macro into the user's global LibreOffice profile, creating persistent code in application configuration outside the target document. In an agent skill context, this is more dangerous because it modifies the host environment and leaves behind executable automation that may affect later LibreOffice usage or other workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal