Skywork Excel

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Skywork Excel cloud integration, but it may send broad user files and prompts to Skywork unexpectedly and its setup guide can expose the API key.

Review before installing. Use this only for prompts and files you are allowed to send to Skywork, especially if they contain financial, business, personal, or client data. Avoid the setup commands that print your full API key or full config; use a set/not-set or masked check instead, and rotate the key if it has already been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill invokes a Python client that uses environment secrets, writes logs/files, and sends data to a remote backend, but it does not declare corresponding permissions. This creates a transparency and governance gap: users and policy layers may not realize the skill can access API keys, write local artifacts, and transmit user data off-platform.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The keyword list contains many generic terms such as 'chart', 'forecast', and 'analyze data' in multiple languages, which are likely to match benign or unrelated user requests. Over-triggering is especially risky here because the skill is designed to upload user files and raw queries to a third-party backend.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The keyword list contains many generic terms such as 'chart', 'forecast', and 'analyze data' in multiple languages, which are likely to match benign or unrelated user requests. Over-triggering is especially risky here because the skill is designed to upload user files and raw queries to a third-party backend.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to pass user queries as-is and send file paths to a backend that will read uploaded files, yet it lacks a prominent user-facing warning that files and prompts are transmitted to an external service. This undermines informed consent and can expose sensitive spreadsheet, PDF, image, or financial data to a third party without clear disclosure.

Natural-Language Policy Violations

Medium
Confidence
72% confidence
Finding
Defaulting to zh-CN without explicit user opt-in can cause unintended routing, localization mismatches, or processing in a language/region the user did not request. While not inherently a direct exploit, it can increase privacy/compliance risk and lead to incorrect outputs or unexpected handling of user data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide tells users to verify configuration with `echo "$SKYWORK_API_KEY"`, which prints the full secret to the terminal and can expose it through shell history context, screen recordings, logs, or shared sessions. This is a real credential-handling weakness because it normalizes exposing a live API key without any warning or masking guidance.

VirusTotal

53/53 vendors flagged this skill as clean.
