Andrew Google Sheets

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Google Sheets helper, but it needs OAuth access that can read, write, create, and list spreadsheet data in the user's Google account.

Install only if you are comfortable granting OAuth access to Google Sheets. Expect the skill to store a local token, list spreadsheet names and IDs during setup or search, and perform real writes or clears when invoked; keep the credential files private and revoke the Google authorization when you stop using it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (7)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 84% confidence
Finding: The skill performs networked OAuth/API operations against Google services, but the skill metadata does not declare permissions accordingly. This weakens transparency and informed consent, making it easier for a user or hosting agent to invoke remote access without clearly understanding that external network communication and account-scoped API access will occur.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: The documented purpose understates or misstates behavior: the skill can enumerate Drive spreadsheet metadata, search user files, and create new spreadsheets, while implying formatting features that are not implemented. This is dangerous because users may authorize broader access than expected, especially when file discovery across their Drive is involved.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The script goes beyond pure Sheets operations and enumerates the user's spreadsheet files through the Drive API. Even though the current OAuth scope is limited to Sheets, listing spreadsheet metadata expands visibility into the user's assets and can expose names, IDs, and timestamps that are unnecessary for basic sheet editing.

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The comments state the permission scope is only for Sheets read/write, but the same credentials are then used to call the Drive API. This mismatch can mislead reviewers and users about the actual behavior of the skill, reducing informed consent and making scope creep harder to detect.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill advertises write, append, and create operations on remote Google Sheets data without prominent user-facing warnings about modifying cloud-hosted content. In an agent setting, silent or poorly signposted write capabilities can lead to unintended data alteration or loss if invoked with ambiguous prompts.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: OAuth client secrets and refreshable tokens are stored in predictable files under the user's home directory without any warning, hardening, or permission checks. On multi-user systems or misconfigured environments, these files may be exposed to other local users, enabling unauthorized access to the victim's Google data.

Credential Access

High

Category: Privilege Escalation
Content: ## Integration with Other Google Skills Same OAuth credentials (`~/.google-credentials.json`) are shared with `google-calendar` and `google-tasks` skills, so you only need to authenticate once!
Confidence: 90% confidence
Finding: credentials.json

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal